Path monitored static route not removed from BGP RIB out table when path monitor dest. IP unreachable.

Hi,

I have an issue where a Static route that is being path monitored and redistributed into BGP, is not removed from the BGP RIB out table when the monitored path is unreachable. The static route is still populated in the Palo Alto BGP rib out table

getting traffic after the interface is down

Hey guys hope you doing well I got a question I get a challenge one of my user getting traffic logs of NetBIOS by source Pvt IP from LAN to WAN the device from the source side is down the 2 Pvt IP still hitting the cleanup rule. The Policy is denied

Disable new apps in content update

Hi Experts,

We've a pair of firewalls (9.1.6) managed by the Panorama (9.1.6). We've Threat prevention license in place and client would like to install just the threats and not the apps by selecting disable the new apps in content update.

As recommen

TAC support has gone missing, again :-(

Opened a S2 TAC case @7pm ET 07/21/2021.  The SLA response time is 2 hours.  TAC didn't get back to me until 5:43am ET 07/22/2021.  The response from TAC is very vanilla, not helpful at all.

Call back to TAC this morning has been waiting for an hour

Exception Handling in Palo Alto Support Page 7/22/2021

Hello Palo Alto Team,

I would like to bring this up with you.

I noticed that your support page went down today 7/22/2021 and that is fine. What worries me is the way your system handles exception. I think you are exposing to much that end user like m

Disabling bad checksum on Firewalls

Hi All,

We have received an request to disable the drop of packets due to bad checksum. I had the following questions on this:

Q1: Can i see in the traffic logs if any connections are dropped due to bad checksum.

Q2: This can be done by enterin

NAT SDWAN

Hello,

My Name is Dwi.

I have case with SD-WAN configuration.

I have 2 ISP DIA provider, and i want to combine 2 ISP provider in to single logical SD-WAN for Load Balancing Internet Traffic.

the Palo Alto device is under NAT, please help me to configure

Using GlobalProtect , ExpressVPN and Remote desktop

Dear All,

I am pondering following scenarios:

1- I connect to Server "S" using GlobalProtect on my Computer "A". Now Assume i do not have access to computer "A" physically because i have moved to another city. I want to access computer "A" from anoth

Why does URL Filtering Profile with a custom URL Category assigned require the same custom URL category assigned in a security rule to work?

Hi all,

Pardon me for the lengthy title.

Here is the layout of what I am working with:



• I am currently running PAN-3020 on PAN-OS 9.0.13
• I do not have a URL filtering licence 
• I do not yet do decryption (long story).
• Security rules are any/any for testi

inter-vsys vs shared virtual router

Hi all

It seems like 1 virtual router can be shared by multiple vsys

Reading up

https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka10g000000UADEAA4&field=Attachment_1__Body__s

1 VSYS can have all multiple VR’s as well as multiple V

ECMP and PBF not work

we have a PA-820 with dual ISP internet (ethernet 2, ethernet 3)  and  ECMP. all PC 10.1.0.0/16 can load balancing through 2 Internet connection.

If I use PBF so PC 10.1.3.250 only go out through ISP 2( ethernet 3), I see this PC cant connect to Inter