PA 2020 Active/Passive Cluster on SFP Ports

Hi,

I have two  2020 Palo-Alto firewalls with serial no.0004C102807 and 0004C102848. I have to configure them in Active /Passive Cluster. As per the design the two PA Firewalls are not in the same location and they are at different locations and Ether

url filtering with groups moved user

I have 2 surfing policies one referencing group1 the other group2

if I move a user from group 1 to group 2 he is still restricted by the group 1 policies

how do I force the panagent to look again and get the list of group to user again

Trying to configure GlobalProtect VPN with user certificates on 4.1.x

Hello-

I currently have a PA-500 running 4.1.2 and am trying to configure a client certificate-based VPN as outlined in this document:

However, that document is for the old NetConnect (pre-4.1.x) VPNs so I've been trying to merge the instructions cont

PA in active-active mode and Cluster ID

Dear all,

we ran into a strange problem tonight.

We are running PA 4.0.8 in active/active because me might encounter asymmetric routing.

We have two A/A clusters in different data centers. Both clusters have the same cluster ID.

The traffic is going only

User-ID Agent 4.1.1-7 Installation Requirements

What are the official installation requirements(HW and SW) for the User Indentification Agent?

Bulk creation of host objects

We need to create a large number host objects (i.e. IP address objects).  Tech support only pointed us to a KP article "Using the XML API" which is Greek to me.  Does anyone have any suggestions/solutions?  I would think that someone would have neede

Trap SNMP for threat

Hi all,

From the mib file named PAN-TRAPS.mib I can see that there are some information about threat objects.

Is there anybody who knows how to use this.

I have tried to generate some threats but no traps were sent to the manager.

Thanks

Bruno

Need assistance creating a custom application

     I have a warehouse management system, and I need to identify the traffic from the WMS client. 

Here is a section of the tcp stream from a packet capture:

V103^46^^~0~~0~~-1^=^002050^get encryption information

V103^45^45736^0^0^^1^1^s^~name~4

Routing between Virutal Systems with a VWIRE

We currently have our Main PA configured in a VWIRE deployment with a TRUST and UNTRUST Zone.  We have many different VLANs on our network and the default route for all internet bound traffic passes through the VWIRE.

We want to configure multiple VSY

What is everyone using for anti-spam?

Sorry if this is inappropriate here, but I figure who else better to ask than other Palo Alto Networks customers.

As much as I love our PANs, unlike some other firewalls, they don't really help with spam. So I'm wondering if other users would mind sha

Reason for last boot?

Any way to find out what caused unplanned reboot of a PA firewall, such as a power outage at a remote site?

Thx

FQDN and DNS failure

I'm looking to use FQDNs inside Address Objects but have some reservations.  What happens if my DNS goes down, or becomes corrupted for some reason.  In other words, when using FQDNs, what happens if the PA can't resolve the address?  Is all traffic