General Topics

Active Active VIP ping inconsistent

Hello All,

i have 2 Firewalls configured in HA Active Active.

I have a L3 sub interface created on each firewall and a vitual address configured as IP-Modulo arp-load-sharing.

ex:

FW1 (primary): 192.168.0.2/24

FW2 (secondary): 192.168.0.3/24

Virtua

GSuite apps not decrypted when using Chrome

I have seen some older posts with no updates on this very subject so I thought I would start a new thread.  I am testing SSL decryption from a couple of workstations and have almost all of the traffic being successfully decrypted.  We are a Google su

Configuration / Rule Set Scheduled Export for SOC2 / ISO27001 Audits?

I'm looking for experiences and suggestions.

We're subject to SOC2 / ISO27001 audits, where the auditors want to know what has been changed in a firewall configuration or rule set. Specifically things like "what rules were added, changed, or deleted

Block HTTP/HTTPS access via IP

Hello.

I would like to block access to my site (http/https) when it is made via IP.

I want to only allow access made by name.

Ex.: www.mysite.com <=> 1.2.3.4

https://1.2.3.4 => deny

https://www.mysite.com => allow

Is that possible with Pal

User-ID when taking information from the syslog, uses a different timeout.

Hello,
In the users identified from the syslog (which comes from the ISE) the timeout is 2700 instead of 36000 with those identified from the AD. We need all of them to be at 36000.

Can anybody help me?
Thank you.

PA Packet Capture

Hi All,

Is there any similar command which we can use to check how the packet flows in PA and where the packet is being dropped, which blade is dropping the traffic. To simplify my question is there any command like Packet tracer command in Cisco ASA

Best practices health treshold palo alto

We need to know a threshold to determine whether the CPU memory and Palo Alto dataplane are normal, warning, or critical.

Does Palo Alto itself have a predetermined threshold?

#threshold

#850

#panorama #m200

#800series

High Usage of Root Partition in PA-220 After upgradre to 10.1 version

Hi Team,

After upgradation of PAN-OS 10.1.x version we are facing High Root Partition issue in our firewall. 

Even after manually clean the logs after 5 days it is back to high, Is there any particular reason the partition usage is high ?

expedition export ASA objects and object groups to CSV

I see Expedition is a tool used to import ASA config file and export to PAN for migrations.  For those who have it already installed, is there a way to export ASA configs, specifically objects and object-groups, to CSV?

what is the PaloAlto equivalent of Cisco's Auto-RP feature?

I am trying to configure multicast but it only works with auto-rp feature. I am wondering the equivalent terms and configurations in Palo's world. has anyone configured it? If so, please provide me your inputs.

Thanks.