Does PA fail closed by default?

I'll be darned if I can find any documentation that speaks to if/how interfaces are configured to fail closed if there's a system or interface issue.

Does anyone have a URL that talks to this?

Thanks, Jeff

IPv6 Support

Are there any updates as to if/when PAN will support DHCPv6 Client and IPv6 Prefix Delegation? This is preventing a purchase for me. Without the ability to receive an IPv6 address and prefix delegation dynamically on the WAN interface, this is a show

access logs from bluecoat proxy to windows user-id agent

Trying to get bluecoat proxy to send its access logs to windows user-id agent. configured custom log on bluecoat in the following format

PAN Source=$(c-ip) Username=$(cs-username) Action=$(s-action)

On user-id agent side I am seeing server receiving

Global protect - external gateway blocking?

In the global protect gateway settings where you can select the priority by region does the firewall block connections from any regions that are not included there?

this is the article discussing the feature I’m referring to:

 https://docs.paloaltonet

Can't enable user-id on sd-wan zones

I need to enable user-id on panos sdwan zones - e.g. zone-to-branch. I can enable it in the template on panorama, but it doesn't change on the firewall when pushed. Everything else is working fine, so this is not and template/stack issue. Is this a s

Panorama in AWS

In an AWS environment which is making use of the TGW and GWLB,  is it okay to deploy Panorama in a VPC that gets routed through GWLBe or should Panorama get deployed in the security VPC and have the route tables bypass all gwlb endpoints?

I'm wonde

Many government sites are not opening on paloalto networks. Same is opening on outside network

Many government sites are not opening on paloalto networks. Same is opening on outside network. Please suggest

How to correctly decrypt FTP (over TLS) traffic

Hi,

I am facing the common issue of Passive FTP (over TLS). Basically, the connection fails due to the dynamic ports assigned in the encrypted channel. It is clear that the solution is to configure PA to decrypt the traffic to identify the dynamic po

Updating password with XML API for Palo Alto firewall user.

I have a physical firewall and want to change the password on an admin by the use of XML API.

I have followed the guide from

How to Change the Password of Administrative Users via XML API - Knowledge Base - Palo Alto Networks

and everything works and

HA ports up when connected but HA NOT enabled?

Do the HA ports come up even if HA isn't enabled? 

I have a production 3220 I am trying to add a new 3220 to and before I enable HA I wanted to make sure the HA ports were up and working before I flip the switch.  The HA ports are showing down and

Clientless Portal no longer working after upgrade

Hi,

The Clientless Portal is now displaying a blank page after a software upgrade (from 9.0.9xfr to 9.1.15).

The developers say that the javascript minification process is no longer working and no longer pushing data into the Pan_js module for it t