Maximum latency between HA peers?

Whats the maximum latency allowed for HA peering links (e.g HA1 control and HA2 keep-alive) between devices setup in active/passive HA pair?

i.e based on the latency can determine the approximate distance that HA pairs can be physically separated.. 1K

Site-to-Site vpn and NAT

Hello,

I have one vpn configuration question, I hope somebody can help...

I am configuring vpn site-to-site in my site PaloAlto, other site is not important in this case.

I am making source and destination NAT for the traffic that is used for vpn. The p

Panorama: migrating between a failed and replacement device

Hi all,

I am running Panorama with two PA-5020s which belong to one device group. The policy for this group applies to both or either firewalls, depending on zones (basically, this is a non-HA pair on two Internet links). One of the 5020s has gone int

How Long to Update Firewall from Panorama

I changed a zone in a policy from Panorama but the change doesn't show when  in the context for the particular device.  Did I miss something? How long for that change to show up?

partial commits causing allowed RTP flows to change to discarding?

We are seeing a strange issue with our 4020s (running 4.1.8h2 right now) where, as far as we can tell, partial commits are at times causing some kind of HA event that, at times, causes some already-established RTP streams that are allowed by the poli

How to skip CaptivePortal for one device?

Hello

As you can see on this forum I have some configurations problems with CP.

In the zone where I have CP enabled I have Minolta BizHub c220 device (with static IP 192.168.3.251). This device has scan to email features. After I enabled CP for this zo

Script for user agent xml api

Is there a script out there yet that someone has written to send user info to the user-agent api?

DNS Proxy

Can i use the DNS proxy feature for all external queries for our public sites?

external user queries for www.mydomain.com - instead of our DNS servers replying, could we have the PA do it instead?

So we can list out all our public domains and only thos

Active/Passive - Failed to check Antivirus content upgrade info due to generic communication error

I am getting a daily notification that states that Failed to check Antivirus content upgrade info due to generic communication error . I have a HA Active/Passive set up on my network.  The Active is connecting to updates.paloaltonetworks.com fine and

Tunnel between PaloAlto and PaloAlto

Hello,

i'm trying to get this constellation running:

Two PA 200 behind a DSL-Home-Router and a firewall with a fixed public IP at the passive site.

This image is just an example how it looks like....

First i want to get the active site ("PA-Active"; PA 2

Site to Site VPN from PA 200 to Juniper 5GT

Hi all,

Anyone have a guide on how to set site to site vpn between PA200 and Juniper 5GT?. I tried a luck but now enable  to establish a connection. In Juniper the tunnel i created the status is ready.

A little help please.

thanks,

Jun