General Topics

Partner Locator - Official and Certified

Hey guys, is there a partner locator on here where you can search for official and certified Palo Alto specialists? Trying to get basic Panorama configs done, thanks.

SSL Certificate expiration date monitoring options

Hi guys,

We have external CA certificate for global protect VPN which we want to monitor for its expiration date so that we can get it renewed we in advance to avoid any outage. can anyone pls suggest how can we achieve it. 

thanks in advance!!

PCNSE Exam lab

Hello everyone,

As I am about to get into PCNSE course, I’d like to setup a lab for practicing. Which Cloud Provider could I rely on ?

I’m planning to set up a lab made up of a Palo Alto firewall, 02 workstations (one for the management plane and t

Does Globalprotect support multicast traffic?

I have a scenario where the Radio equipment listens to multicast traffic on the network. Now that we have people working from home, we were wondering if the Radios can be placed on Globalprotect VPN and have the firewall route the multicast traffic.

Unable to login into PA support portal with an error UnAuthorized Access

Dear Team,

  I am unable to login into palo alto support portal to raise a tac case for an ongoing issue. Getting the below error

Licensing DNS Security

I am trying to register our DNS Security. I have the purchased Auth Code, but I cannot where to add it in the customer support portal. I tried to add it under PRODUCTS --> Assets. My part number is PAN-PA-5220-DNS-5YR.

PAN OS LDAP producing DCOM 10036 error on all servers

Seems not long after PAN OS upgrade to 10.1.3 we started seeing errors in our system event viewer logs for DCOM 10036 coming from our account that we use for LDAP on our PAN OS.  They all reference the IP of our PAN OS as the originator. The logs are

HA timers value - Monitor Fail Hold Up Time - Additional Master Hold Up Time - Doubts

Hello Live Community, good evening, thanks a lot for your time and colaboration.

I have a question regarding the value of "HA timer - Additional Master Hold Up Time" by default is 500 ms. In the documentation it indicates that this is an additional

SSL Decryption - replacing Forward Trust Certificate not working for IOS devices

Hi All,

The Forward Trust certificate on a PA-820 firewall pair was expiring, so we issued a new SubCA certificate from the Windows ADCS root CA server and updated it on the firewall. The certificate was imported with a 2048bit key and there is a pas

Response Page not displayed when using security policy to deny URL category

Hi There,

I have configured a security policy to block a URL category using the Service/URL Category method and my action is deny.

This works and the category is denied, however the block response page is not displayed. Instead i get "This site can’t

nailing up an ipsec vpn?

I have a site to site ipsec vpn between two Palo firewalls.  A always initiates the tunnel to B. Is there a way i can make A always keep the tunnel up even when interesting traffic is not present?

Interzone default deny rule with logging is allowing traffic and shows up in traffic logs

We have a PA-3220 which is running in 10.2.4 Pan OS, we observed something really weird in the traffic logs this morning which shows 'ms-rdp' connections allowing through the default interzone deny rule which we re-verified again to see it is still s

IPSec Child-SA rekey negotiation fails

Our customer encounter intermittent connectivity issue with IPSec IKEv1 during phase 2 rekey of IPSec Child-SA. We open case with the IPSec peer device vendor, they mention that PAN is not sending message to R2011 (IPSec peer) for deleting the SA whe

Configure L2 service on Active-Active Mode

I'am using PAN-PA-3220

We want to setup this model with:

1. HA (active-active)

2. Interface configuration using Layer 2 configuration

Is it possible to done it?. as when I try to create Layer 2 configuration. It always pop out error "Layer 2 unable