Active-Active NAT Rule Binding

I can't find anything which goes into enough detail on Active-Active design around NAT and more importantly ARP.

The easiest way to explain the current deployment is as follows:

• Site 1 / Firewall A
• Site 2 / Firewall B

Each firewall is connected to uni

Python: panos opstate

I'm having tremendous success automating security policy updates with the panos Python library, but I'm currently stuck on obtaining the hit counts of rules programmatically. 

I'm able to access all attributes of the SecurityRule objects, but the o

Impact of deactivating HA configuration in Azure

I have a HA configuration in Azure.

I’m trying to deactivate the HA configuration. If we shut down the Passive side in the Azure portal and delete the VMs, what will be the impact on the Active side?

Configure SAML for GloblaProtect and use groups to filter

Hi,

I would like to configure SAML for my GP authentication and  I would also like to be able to assign IPs by user groups and configure rules for these remote users by user groups. 

Does anyone know if this is possible? how can match users received

ACC not displaying

PANOS version: 11.0.3-h3

We are experiencing a recurring issue with the Application Command Center (ACC) on our Palo Alto firewall. Every 2–3 days, the ACC becomes unresponsive or stops updating properly. The only way to restore functionality is by m

Action of allow  but of Type policy deny

Hi

panos 11.2:

I am using SSL Inspection for all inbound traffic on my web sites.

Certain TLS connections with TLS inspection enabled did not work. Looking at the traffic log the connections shows an Action of “allow” but of Type “deny” with Sessio

I cannot move the vlan interface IP to new vlan 10 interface

Hi, can anyone help me? I keep receiving this error even after I removed or changed the IP on the VLAN interface.

I also tried pushing VLAN interface 10 (without an IP) first along with the subinterface. It was successful, but when I try to deploy th

Query on URL category change

We submitted the request to Palo Alto to have the URL category and risk changed and that was recategorized to 'low-risk' now. My question is will Palo Alto might identify the site as malicious again based on our activity in the future and change the

Drawbacks enabling Jumbo Frames (PA-5400 series)

Hi Community,

we are thinking about enabling Jumbo frames globally on PA-5430 firewall that is connected to Nexus and Catalyst.
- Nexus for high performance & storage with MTU 9216.
- Catalyst for all the standard stuff with MTU 1500.

Are there any limit

MAC0s 15.3 is showing an error the network connection is unreachable or the gateway is unresponsive.

Hi I would like to ask if there any bug reported for MACOS15.3 PA-450 Global protect 6.2.0-89 reason being is that I got a situation in which the customer is getting the following error :

the network connection is unreachable or the gateway is unre

Show Hard Drive information

For an audit, I need to know the Make/Model/Serial Number of the internal HDD.

I cant seem to locate the appropriate show command on a PAN device...any ideas?

Thanks much