Does HA2 link failure trigger failover
Hi, I've got firewalls in active/standby mode and preemptive is not enabled. HA2 link flapped for around 12:47 PM GMT and link was up at 12:52 PM GMT Model : 5060
Hi, I've got firewalls in active/standby mode and preemptive is not enabled. HA2 link flapped for around 12:47 PM GMT and link was up at 12:52 PM GMT Model : 5060
Hi, Looking for some guidance on our setup. I am looking to establish pure ISP failover without having to take action on my / my team's side. Presently when there is an outage, we need to do manual intervention to get connectivity back up. Here is an overview of our network, internet facing. ISP A (/30) -> Cisco ASR Router 1 (I control) (/24 ...
PA is using cisco switch as external RP. Over a system I start the stream on VLC but I don't see the multicast address in multicast FIB. System is connected to network that is directly behind firewall. I use this tool multicast test tool (https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=21729) I see the entry of add...
We've done plenty of s2s IPSEC VPN tunnels between our DC firewalls and branch offices. I have a new branch office which we are configuring the same way as the others, yet the IPSEC VPN is not operating as expected. The tunnel is showing as up and the IKE Phase 1 & 2 are successful. However, on both firewalls, when I go into Tunnel Info all ...
Our organization has been struggling with getting MS AD security group changes to apply over VPN w/ prelogon enabled for a long period of time now. I have had support tickets in with Palo support and MS support. Palo support has determined via Globalprotect logs, prelogon appears to be functioning properly and no traffic for this function is bei...
Hi everyone,We have defined Risk App block rule which contains the app by risk category, characteristics and vice versa.After upgrading PA to 10.1.5-h1 version it starts to block ssl, web-browsing, google-base, whatsapp and other apps which are not among apps which is blocked by my defined rule.I'va looked for matching apps in app filters, but t...
Has anybody figured out an edl to allow communications to Okta without manually entering the whole list? My customer is using Okat for MFA and the Okta Portal uses a whitelist so they have policies that anything hitting Okta should use ip x.x.x.x. This is legacy config from a newly replaced firewall. FQDN Address objects are only reporting 2 I...
Current panorama and log-collector issuesPanorama – mgmt. server only – SW-version: 9.1.12-h3Log-collectors :PAN02- – PAN03 – same SW version as Panorama 1.The summary log retention days did not change after the log storage allocation updatePAN02> show log-diskquota-pctcfg.diskquota.pct.config: 25.000cfg.diskquota.pct.detailed: 80.000 --à...
Hello Is there a way to search a Domain in Minemeld with "contains" instead of "equals"? As example: We have entered *.blabla.com" in one of our Nodes. I would like to search for blubb.blabla.com - which of course does not match. Also "blabla.com" will not work... Does anyone have any Idea about? thanks
Hi Team, We have a SFTP server behind our firewall and its NATed to one of the interfaces of the firewall , we need to restrict the bandwidth to the SFTP server from Internet. When clients from internet connects to the server for downloading files they will be restricted to use 10 Mbps only. The generic KB is not helping in this case Thanks,Sam
Hi i need to uninstall XDR through SCCM
Hi all,could you confirm that pan does not support dh group 24 in phase 2?I've a peer that (just a test, is an android device with native ikev2 psk vpn configured) asks for that group and I got this errorDH group id 24 != 20, responding with INVALID_KE_PAYLOAD Thanks
Hello all,please excuse me if I am posting this question in the wrong section. This is my first LIVEcommunity post and I wasn't sure about the section I chose.Several of our customers would like to know exactly which Palo Alto Network services are hosted where. The customers found out that some services are hosted in Amazon IP ranges and they wo...
Hey all. I've come up wtih an upgrade plan to get us from 8.1.10 to 9.1.12-h3 based on reading resources. I would love some feedback on whether this is the correct process. THanks much. 8.1.10 Current SoftWare Version5.2.8 Global Protect VersionFirewall A = currently active firewall, firewall B = currently passive firewall)Download PAN-OS 8.1...
Hi, II am looking for information on how to configure GlobalProtect MFA with Office 365. I would appreciate if you have any information that you can share. GlobalProtect
| User | Likes Count |
|---|---|
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 |

