Log at session start??

Hello everyone,

What I read the best practice is to enable log at session end, is there any use case to enable log at session start?

any thoughts?

thanks

IP to Tag registrations and Multiple vsys 10.1

Has anyone noticed issues with 10.1 and trying to register ip to tags on mult-vsys firewalls from/through panorama?    We've been registering ip to tag through panorama for a while with success.  Everything appears to have worked when using panorama

Host machine behind Palo Alto VM firewall

Hello all,

I am running PAN-OS 10.0.1 VM series firewall in VMware workstation. Currently I have a windows 10 VM machine behind the firewall. My interfaces are set to eth1/1 is the outside interface which is set to my home network. Eth1/2 is my inside

GlobalProtect OTP (Googleauthenticator)

Hi,

I have GP configured using LDAP for authenticating. Now i would like to configure LDAP with OTP (Google authenticator). So i have several questions:

-Its possible to configure LDAP+Google authenticator? is there any procedure o manual to help?

-In o

How to locate the IP address range mapping to country/Region

Where can you locate the IP address ranges for the Country/Regions.  I am adding in a block rule for specific regions, but I need to know the IP address ranges that this uses in order for uses with some identity blocking.

wildcard fqdn for destination in Policy based forwarding

Hello,

i have created a Policy based forwarding to make some traffics go trough one of my ISP lignes it works fine but i can't add a wildcard fqdn address for exampl (*.amazonaws.com) . how can i do this ?

Thanks in advance,

External GP Authenticate LDAP + Radius (Google Auth)

Hi Folks. aAnyone know if the integration to external GP users to LDAP and Radius integrtion works in the same process?

I probe the integration between Palo Alto - Google Authenticator trough RADIUS and it works perfectly. But now I need to integrate

Panorama Export bundle found already object

Hi Expert ,

I found that the issue about migrated the firewall into panorma with import config device and export  device config bundle  but facing the issue  about the object already 

please help me 

Thank you

Panorama support matrix

Does Panorama 10.0.x supports managing 10.1.x firewalls or is it required to upgrade Panorama to 10.1.x before hand.

Panorama Template Variables

Hi All

Hope everyone is keeping safe.

I'm in the process of adding a HA pair into Panorama, will use single device template and single template.

To do this I need to set some variables, such as Hostname, Peer1 IP, Management IP address.

I cant find t

NAT/PBF behaviour

Hi,

I am having some trouble successfully creating a NAT/PBF combination. Long story short...:

We have an office with two WAN switches that have IP addresses in the same range as that office LAN WiFi IP range. Thus if anyone in the office or on their

Site-to-Site Palo Alto VPN is Failing

I apologize if this is posted in the wrong message board. It is unclear to me where I should specifically be asking this type of question. 

I configured a site-to-site IPSec VPN between two Palo Alto's and they are both failing on Phase 1 and Phase 2

Internet not working

Hi Guys,
So we were using a router with two VLAN 10 and 20, connected to two different APs and everything was working fine.

Today we purchased a firewall and we placed it before the router (refer to the image). I created two static routes 192.168.110.0

"Error in getting config lock"

Hi, 

 We encountered an error "Error in getting config lock"  on the web gui and an error "Server error: Error in getting config lock" when we tried to run commands on the CLI. This issue has been resolved by the TAC with the help of the root engin