Dual VPN failover confusion...

Hello everyone,

Can someone offer some clarity on my questions regarding these two Palo Alto kbs?

1. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POO0CAO&lang=en_US

In the screen shot, both primary and secondary tunne

source of user-id data

I'm troubleshooting what appears to be an issue with user-id. I want to confirm I'm identifying the correct Window Event Logs the User-ID Agent captures to populate the User-ID data. I'm reviewing the logs in Splunk, so the source is shows as WinEven

GlobalProtect disconnecting the RDP connection when trying to connect

Hello,

So I work in education and our department is currently having an issue with the most recent GlobalProtect update (6.2.2-259) pushed onto us. 

Some of our staff members use GlobalProtect on their work-from-home laptops and connect to their

Are there stats to see if a static route is being used/hit?

I have some static routes that I am not sure are used anymore in our network. Is there stats anywhere to see if these are being used on the palo? Similiar to the stats you can see on security policy hits or PBF hits

Hardware Temperature: Description

Hello Everybody

I'm trying to monitor the temperature of different components with the oid  1.3.6.1.2.1.47.1.1.1.1.2 from my PA5220
There are some other items which i already filtered. But i don't understand the meanings from the Descriptions. 
Can Anyo

Auth failure (can not assign new Authorization codes to the firewalls)

I'm trying to assign the new authorization codes on these firewalls but we are receiving a failed message from the Firewalls and an error message from the Palo Alto Support site.

Policy optimizer on firewall or Panorama - can we automate or send reports on monthly basis to an email address?

I am looking to automatically send reports of unused rules (90,60,30 days...) to an email address, is there a way to do that?

Layer 3 Ethernet Interface vs Layer 3 VLAN interface

Trying to really understand the difference here. I have never made a Layer 3 VLAN interface using the VLAN tab on "interfaces".

When I make a layer 3 interface I use Ethernet Layer 3 interface that connects downstream to a switch. From what I can t

Firewall PA doesn't process network traffic.

Hi everyone! First, sorry 'cause my English is not good.

My issue don't let me sleep. My firewall (PA-3410 v11.0.0-h1) doesn't process traffic, I can't do ping at other interface than MGMT. The Monitor is clear!.

The only thing I have observed is th

Can we configure a VPN gateway for cisco anyconnect ?

Can we configure a VPN gateway for cisco anyconnect via Paloalto FW ?

GlobalProtect windows negating/disabling RSA Authentication

We use RSA's MFA Agent for Windows authentication.  When we install or update GlobalProtect, it disables the MFA Agent at Windows login until we connect at least once via the VPN.  It appears it is adding itself as an authentication provider into the

Zone to zone interaction PBF

Hi All,

i have some doubts ....

1.i have three zone TRUST,DMZ,UNTRUST. 

2.there is a nat policy from TRUST zone, DMZ zone to untrust 

3.all interface is under same VR .and there i haven't add any static route yet. instead i create a PBF rule from bot

VRF lite two different set

I want to use two Virtual Router

VRF router-28 and VRF router-128

WRF-Router-28 for wan, inside DMz 

Second-Router-128 WAN, INSIDE and DMZ

Separation port connection for two set of DMZ, WAN and inside

this all allow for PA-440?  

I'm trying to use as