General Topics

ECMP Single Interface

I have an HA pair of firewalls in my data center. I have a single ISP that provides two routers for internet access. I use HSRP on those routers, which obviously share the same subnet on the inside interface that connects to the outside interface of

10.2.3 Software Update Install Error

The firmware is not being updated.

create a new Vsys queries.

Wish to configure new VSYS, will it cause any issue while configuring?

Do we need to reboot after enabling Multi-vsys opention?

Will it will cause network disruption over default VSYS1?

· Will it will affect the functionality of Access Control Poli

Global Protect have issue after firewall upgrade to 10.2.6

Hi,

Yesterday we upgrade Pan-OS version from 9.1.13 to 10.2.6. GP version on 5.2.12. 

Now we have issue with GP as we have difficulties to connect the Gateway with error Cookie expired/Authentication failed

We can confirm the Radius server is rea

IPSEC VPN tunnel

We have a site to site VPN tunnel that fails when the vendor side tries to Re-Key. We are seeing no U-Turn policy blocking them. We can ReKey from outside without issue. 

1. Has anyone seen this issue previously and been able to fix it?

2. Does any

Palo Alto Application ms-office365-base not working

Hello Everybody,

i thought i try the community for a change with my problem.

One of our departments recently asked for a policy change, so their server could access a ressource in the internet.

The rule is as simple as it gets. Source is their Serv

Global protect VPN not working

Hey , Here- i am facing issue with global protect.

Log forwarding profile for Correlated Events?

Hello all,

It appears that we have had at least a single correlated event in the past seven days, but did not recieve any alert related (via any configured log forwarding profile).

It appears the each match that was correlated did perform a log actio

Changing HA from Active/Active to Active/Passive

I would like to know if anyone has changed HA from AA to AP and has configured floating IP in AA mode. How was the solution to bring it to the AP?

Thanks a lot.

PAN 10.2 (PA850) high memory usage normal?

I've just started upgrading our firewalls from 9.1.16 to 10.2.7 and noticed the first (and so far only) firewall pair upgraded caused an enormous jump in memory consumption.  Is it normal for version 10.2.7 on a PA850 to consume 68-70% of memory?  Th

GlobalProtect: Port 4501 UDP

Hi all,

I understand that GlobalProtect uses TCP 443 and UDP 4501... But what is there any more information available about GlobalProtects usage of port 4501?  All I could find is the following:

• TCP/443 for the SSL communication
• UDP/4501 for tunne

Unable to download new firmware for Lab PA-220

Hello,

We are using a PA-220 on version 9.0, its unlicensed, had a real issue getting a new license because the PA-220 was previously purchased off Ebay so we use it now for basic configs now.

How do i get the newest firmware for this? I went u

OID of throughput value of each interface

I've seen several posts that asking the same question, but none of them have provided substantial suggestion. Many replies just suggest to use existing templates of Cacti or Zabbix. What if I'm not using those 2 monitoring tools?

PA has published an O

SNMP OID for session throughput

Hello

does anyone know if there is an OID for the session throughput (show session info > throughput)?
I would like to monitor that on my firewalls without offloading to get an idea of their load with respect to the max throughput from the tech specs