Resolved! App Identification and ALLOW rule - does this make any sense?

Attached is a screenshot of a rule that is ALLOW'ing ICMP, IKE, IPSEC, PING.  Can someone explain why SSL is in the APPS SEEN list?  I don't see where any of these applications have an implicit allow for SSL/443 trafffic yet if I read this right it i

Resolved! NAT

Hi Team,

Is there any way to get a history of when NAT oversubscription dropped packets/sessions? Or can I only get realtime data on that?

Resolved! Honeypot - block IPs

We are looking at creating a Honeypot Website. The idea is to set it up with a much more restricted vulnerability profile so when hackers are scanning for certain vulnerabilities in the low and informational category their IP is blocked. The question

Resolved! Prisma direct access to Azure

Hello,

I connect from home via Prisma to on-prem.  I have a few domain controllers setup for pre-logon etc.

- what if my domain controllers were all offline or the firewall was offline

- can i have a domain controller in Azure 

I have setup a site to

Resolved! what does "SWITCH" in hardware architecture mean?

One of my customers is using PA-3020 and thinking about replace.

When I comparing following diagrams, I have one question.

PA-3020 has dedicated "signature matching", "security processing", and "network processing" as below

Compare to above, PA-

Resolved! Interface IP address configuration when firewall in HA active passive

Hi,

I have 2 palo alto firewalls configured as active and passive.  I want to know how I should configure the Interface IP address (for inside and Dmz) on the passive firewall?  Do they have different IP address configured from the active firewall

Resolved! Active / Active HA IPsec tunnel setup.

Hi,

We have an Active/ Active firewall between 2 datacenters.  We have configured a single tunnel on a floating IP that is Active in Datacenter A to a remote Partner.  Firewall in DC A is currently in Active Secondary State,  Firewall in DC B is cu