Service route for Destination

Have 2 radius servers, 1 is used for admin login and is accessible only via the management interface, and another radius server is used for global protect authentication and is accessible via another production port.

Tried to configure custom servi

HA state on PA-450 devices "unknown" after masterkey change

Hello all,

I am facing an issue with deploying master key in PA-450 firewalls (HA – active/active), I replaced 2 PA 850’s with two PA 450, also in HA.

 After Changing the masterkey was tested on the PA-850s prior to being performed on the PA-450s thr

Palo alto Lab environment

Hi All,

I am hoping to build a lab environment to fully learn the palo alto firewall and I wanted some recommendations on the most cost effective way to achieve this. I already have some physical cisco gear (switches, routers) however I'm not again

Active Active VIP ping inconsistent

Hello All,

i have 2 Firewalls configured in HA Active Active.

I have a L3 sub interface created on each firewall and a vitual address configured as IP-Modulo arp-load-sharing.

ex:

FW1 (primary): 192.168.0.2/24

FW2 (secondary): 192.168.0.3/24

Virtua

GSuite apps not decrypted when using Chrome

I have seen some older posts with no updates on this very subject so I thought I would start a new thread.  I am testing SSL decryption from a couple of workstations and have almost all of the traffic being successfully decrypted.  We are a Google su

Configuration / Rule Set Scheduled Export for SOC2 / ISO27001 Audits?

I'm looking for experiences and suggestions.

We're subject to SOC2 / ISO27001 audits, where the auditors want to know what has been changed in a firewall configuration or rule set. Specifically things like "what rules were added, changed, or deleted

Block HTTP/HTTPS access via IP

Hello.

I would like to block access to my site (http/https) when it is made via IP.

I want to only allow access made by name.

Ex.: www.mysite.com <=> 1.2.3.4

https://1.2.3.4 => deny

https://www.mysite.com => allow

Is that possible with Pal

User-ID when taking information from the syslog, uses a different timeout.

Hello,
In the users identified from the syslog (which comes from the ISE) the timeout is 2700 instead of 36000 with those identified from the AD. We need all of them to be at 36000.

Can anybody help me?
Thank you.

PA Packet Capture

Hi All,

Is there any similar command which we can use to check how the packet flows in PA and where the packet is being dropped, which blade is dropping the traffic. To simplify my question is there any command like Packet tracer command in Cisco ASA

Best practices health treshold palo alto

We need to know a threshold to determine whether the CPU memory and Palo Alto dataplane are normal, warning, or critical.

Does Palo Alto itself have a predetermined threshold?

#threshold

#850

#panorama #m200

#800series

High Usage of Root Partition in PA-220 After upgradre to 10.1 version

Hi Team,

After upgradation of PAN-OS 10.1.x version we are facing High Root Partition issue in our firewall. 

Even after manually clean the logs after 5 days it is back to high, Is there any particular reason the partition usage is high ?

expedition export ASA objects and object groups to CSV

I see Expedition is a tool used to import ASA config file and export to PAN for migrations.  For those who have it already installed, is there a way to export ASA configs, specifically objects and object-groups, to CSV?