User-ID configuration

I configured User_ID  on FW 8.1.23, however the server monitoring status shows access denied. I have checked the LDAP configuration(server settings), user mapping, group mapping and ... Any help would be highly appreciated. Thanks

Nintendo Issues with Nat

We have a couple of Nintendos in our district.  I have a NAT Policy setup which is allowing them to get to the internet. Right now it show NAT B.  This is after rebooting them.  I have two separate NAT policies because two nintendos on seperate IP ad

Failover to passive no traffic passes

Hi all - have been working on upgrading all our firewalls from 9.1.13 to 9.1.14 and ran into an issue last night with one of our Active/Passive 7050 pairs. When I failed over to the passive FW our users lost internet connectivity, once the active FW

Palo alto 220 Disk issue

We have PA 220 at few of our site. Multiple times a day it's getting "Disk usage for / exceeds limit, 97 percent in use, cleaning filesystem" Sometime it goes to non-functional state because auto disk cleanup won't work and it will fill out 100%. I h

Outside WAN port staying red on backup PA-850 when failing over from active - services do not work

Hi All,

Having a strange issue. I have a cluster of PA-850's in HA.  Last night I failed over my active PA-850 to the standby 850.  What happened is the backup 850 became active, and the inside and DMZ ports went green, but the outside port Eth1/1

how to move palo 440 from spare to activated

I went to register my palo 440. for some reason it registered as a spare. Not sure how to undo the spare function to activate the device and apply licensing

Where I can find real live source of malware and URL's with bad reputation for testing?

Hello Guys,

I'm looking for a place where I can take real live example to perform crash test of  my FW 

I'm looking for malware samples as well as URLs

With regards

Slawek

RTCP issue for matching policy

Hi,

We are having a issue with RTCP traffic. The RTCP traffic is jumping the rule configured for this and matching the last rule (bypass).

The filter for the correct rule is application rtcp. We see that the application is identified but sometime

Error when export configuration from WebUI on Palo alto firewall

Hi everyone,

When I export configuration from WebUI ( in section Export named configuration snapshot) , Palo Alto has redirect another web with error imformation :  Error 500: Internal Server Error.

Plesse help me to fix this error.

Active/Active failover triggers for multiple Vwire?

Hello,

I've been looking for some time docs which closely describe PA Active/Active setup for only Vwire interface mode (multiple defined Vwire's), especially failover triggers like a link or path monitoring, but no luck. I decided to start with th

GlobalProtect stops to connect

Hi all,
GlobalProtect stopped to connect to server. 
So it works before ( I did not install any new software, firewals, proxies, .... etc) It contiue work under VirtualBox machine, so it is not a problem of my internet provider, but it stops to connect

BGP AS-Path allow

Hi All,

I suspect the answer to this is in the Advanced Routing in PanOS 10.

We have configured a new system as Active-Active and BGP. The firewalls are in different DCs, the DMZ side of the firewall can talk to routers in both DCs but only its l

Allow traffic other than IPSec

Hi all,

Site A

Source Zone: test-DMZ

Interface: ae 1 (172.16.1.1)

Tunnel Interface is in internal-trust zone.

Static route set to destination 10.10.10.1

I have an IPsec tunnel between 2 sites. 

However, i want to allow traffic from other sources