Multiple unexpected failovers - need help understanding FW behavior

Hi all,

We have two PA-3220 devices configured in Active-Passive mode (no preemption). Firmware version is 10.1.2. In the last three weeks we had three failover incidents that we are investigating (no device reboots though). We've opened a support

Please help with log collectors and collector groups in Panorama mode!

Hello all! 

We have had a single Panorama appliance running in Panorama mode as a local log collector in its own collector group. Firewall logs are sent to Panorama, and all is working well.

We now have procured a second Panorama appliance for HA.

ECMP Virtual Router restart question

Very quick question.  We have set up another virtual router (currently running two with active users) and are trying to enable ECMP on the new virtual router.

When we attempt to enable ECMP, a firewall message states that 'Enabling/Disabling ECMP a

What exactly is the naming convention for Prisma Access?

We have Prisma Access ( Panorama Managed ) in our environment. Example of one of the compute locations is named as "europe-central-cranberry". Is this an SPN? And after certain bandwidth will be get a new SPN in europe central like "europe-central-xx

FIPS-CC Security Functions- can you trust PAN documentation?

According to PAN documentation: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certifications/fips-cc-security-functions

MS-CHAPv2 is not compatible with FIPS-CC mode. It is recommended to use RADIUS with TLS.

However, in my test with

How to contact an Account Manager to discuss Partner Status.

Good day,

Please will someone from Palo Alto contact me with regard to my company's partnership?

I am unable to find the partner information in order to align our certification efforts with Palo requirements

Many thanks

Linda

Wrong interface name on PA-410 stencils

Hi all,

I'm in the process of rolling out several PA-410 to a customers locations. I am creating detailed documentation, since there is a third party that will do the physical install.

In the process I found Visio stencils here: https://www.paloalton

Incorrect object displayed on PA-5220 during Tunnel negotiation.

This is a slightly confusing issue that I am facing so please bare with me with regards to the explanation.

We have a PA-5220 configured with multiple IPSec Tunnels connecting to community sites, the community sites have either a PA-220 or PA-440 o

Are logs lost when log discarded (queue full) increases?

Hi everyone

I changed last week from pa-3020 to pa-3220.
However, the log looks abnormal (7-8 minutes delay).
Looking at the log-receiver status with the command below, log discarded (queue full) is continuously increasing.
Does this mean log loss?
How

netflow data without a collector

How can I best obtain a report of just netflow data including host names without using a netflow collector?

I'm having a problem with PXE Boot.

We are having issues with our new Palo Alto 2050.

We are using a DHCP server in 2050 with a PXE to iSCSI system.

Use another firewall/router with the built-in DHCP server - the system works fine.