Zone to zone interaction PBF

Hi All,

i have some doubts ....

1.i have three zone TRUST,DMZ,UNTRUST. 

2.there is a nat policy from TRUST zone, DMZ zone to untrust 

3.all interface is under same VR .and there i haven't add any static route yet. instead i create a PBF rule from bot

VRF lite two different set

I want to use two Virtual Router

VRF router-28 and VRF router-128

WRF-Router-28 for wan, inside DMz 

Second-Router-128 WAN, INSIDE and DMZ

Separation port connection for two set of DMZ, WAN and inside

this all allow for PA-440?  

I'm trying to use as

Error 503: Service Unavailable

Hello!

I am configuring  an ha cluster Fw 440.Firmware 10.1.3

When i push "commit" i lost gui access.

I can ping andaccessvia ssh to fw.

I recover the gui access via cli:request restart system.

I have updatefirmware to 10.1.11-h5 but i happen the

Cannot Create Account on CSP

Hi, we've received our PA-445 but cannot create a Customer Support Portal account for it.  After entering the serial number and sales order number I receive the following error:

Unable to create user account, request matches multiple Support Accoun

Right way of moving cable

Please find the exsisting set-up:

Juniper switch---ospf--->Palo-Alto firewall------------tunnel-----> External 3rd party Cisco Router

We are planning to change the Juniper switch to Cisco switch and make the configuration as below:

Cisco switch---o

Looking for Lab

I"m looking for a full lab access and I can't find for Palo alot

PA410 Version: 10.2.7-h3 does not send logs to Panorama

Hi team, 

I got a question , after upgrading Panorama to 10.2.7-h3 the logs stopped to be reflected on. (PA-410 to Panorama) ( from PA-3250 to Panorma is working properly). So , I proceed doing the following :

1. We proceeded with the workaround

Bug Search Tool

Hi all,

I've created a tool, that you might find helpful.

It can be tedious to search for specific bugs, or when a bug have been addressed. This tool gathers all known and addressed issues from all (not EoL) releases and makes it easier to filter

Threat name is Blank on Email report PDF attachment

Hi everyone,

Good day and greetings!

I have an unusual encounter with an email report pdf attachment. The threat names are blank but I can identify them by looking at the "Count" Like below snapshot.

Were this ever a bug or was intended to be

Matching HIP in Decryption Policy

Anyone doing this? It is configurable in the policy itself but isn't referenced in any documentation. The firewalls seem to ignore the HIP profile configured in the decryption rule when matching/not matching traffic. 

When I configure the rule to mat

Applications not being identified correctly

I am running into a  number of situations where the applications are not being identified correctly and thus not working.  I can see that the applications is using the correct port, but the PA shows it is "web browsing", unknown, etc.  Examples:

KaKao

Dual VPNs with Dual ISPs with a Single Firewall to a Remote Site

Dual isp with tunnels have been configured. primary isp is on eth0/1 and secondary is on eth0/5.

Tunnel monitoring has been configured on primary tunnel. when primary isp goes down tunnel traffic will be shifted to secondary isp tunnel.

Physically

EDU-110/220 Still Available

I'm looking for the Self Paced version of the EDU-220 which used to be the EDU-110. Has this been removed. I don't have the time currently to go to an Instructor lead course and studying for my PCNSE.

Thanks