Site to Site VPN with dual ISP

I have setup my Pa2020 with dual ISP, PrimaryISP using PBF w/monitor and BackupISP setup with Static route for 0.0.0.0/0.

My issues is that my Site to Site VPN stops because of a timeout.  I noticed in the VPN config uses my main virual router.  Since

VPN Tunnel Management

I would love to see an easy way to enable and disable ipsec tunnels and / or individual proxy ID's within the ipsec tunnel in order to force the tunnel to renegotiate via the GUI interface.  Why does such a basic function not exist on the PA in the g

PA installs - the missing details

Hello all,

since I'm just getting to grips with the support processes here apologies if I've missed a nice handy guide anywhere about this.  My various questions don't seem to be covered in the Tech Notes though.

I'm installing some Palo Altos in to an

Security policy rule to allow users to download from certain URL's?

Just implemented a 3020 and have many Engineers looking to download EXE, ZIPs and ftp to sites all over the place.  I am looking to allow them to use these services to certain URLs only.  i have tried to create a custom URL list and File Transfer gro

Do I Understand Profile Exceptions?

Hi,

Created a Vulnerability Protection profile.

Noticed that I was seeing a lot of "Microsoft Windows Registry Read Attempt" entries in the threat log. These appear to be benign. So I edited the profile, clicked the exceptions tab and checked the "enab

Upgrading to Pan OS 5.0.4 Error

Hi All,

I just attempted to upgrade my existing pan os 4.1.2 to Pan 5.0.4. Everything went fine but my main link to router was down and so there is no internet access. I restarted the router and it was still no link. So i downgraded back to 4.1.2 and

botnet-domain alert in GUI

Hello,

on the cli show command I see under "XX Anti spyware" profile the botnet-domains policy but I'm not able to find it on GUI under object-securityprofiles -> antispyware.

Where botnet-domain behavior is configured on GUI ?

thank's .. here below the

Reverse-Proxy

How can I use  Palo-Alto as reverse proxy. Suppose I have a DMZ zone that has all the web servers and I want the DMZ interface to act as reverse proxy.

The untrusted interface facing the internet would do the NAT translation. Then send the traffic to