Connecting 3rd-Party VPN Device to PA-3220

Hi. Wanted to ask for opinions, suggestions, and experience on this. We have a Cisco ASA VPN Device from our vendor and we'll need to connect this to our PA-3220 FW. So basically, Internet --> PA3220 ---> ASA VPN --> LAN. This ASA will be inside our

Mitel decrypt error

Hi all,

we have a open ticket with TAC, but wanted to ask if anyone's seen this, we're in the testing phase of it, and one of the phone's traffic shows up in the logs as decrypt error in the end result, so that phone is not able to login to the mitel

AWS x PAN 2 tunnels PBF backhaul internet static routes?

Anyone run into this before?  I have 2 x AWS tunnels (No BGP) and I want failover to occur and I want to backhaul internet traffic from AWS out through the PAN.  I have connectivity between AWS and on-prem with no static routes configured.  However,

Version 10 SMTP Authenticated SMTP

Good afternoon:

One question, I understand that in version 10 it is already feasible to use SMTP /TLS authenticated to for example use Office365 or Gmail, among others to be able to perform Palo Alto mail sending.

Someone has already configured and t

User not able to access one site

Not able to access the site is on another location I can ping the site it's responding I check session-id packet capture nothing was found.

I create a  policy for that user without any restriction still not able to access the site. In monitor its show

Does Active-Active HA supports more users?

Hi Guys,

My company bought a PA firewall a few months back. At that time we had around 85 users and PA technical person suggested that it will handle up to 100 users in our environment. Now, we have around 70 more people who joined our company, so tot

PPPoE Disconnection frequently.

Facing PPPoE session disconnection issue. 
As per ISP, this is a Firewall issue as from Laptop or Computer (directly connected to ISP Router) no disconnection being observed.

Palo Alto PA-3020

Following logs and capture packet are below 

2021-07-15 11:2

Security Policy filtering HTTP/S traffic over all ports

Hi!

Has anybody made a rule that filters the traffic by HTTP/S protocol no matter what the port is?

what I mean is for the FW to detect a client trying to access https://randomwebsite:X where X can be any port from 1-65535

running ver 9.1.8 

Email Gateway External IP

Good afternoon, currently for sending and receiving mails with Office 365 is using a Cisco CES ( Cisco Email Security ).

This device only has a couple of public IPs, it is external to the organization.

In Palo Alto, when configuring the SMTP Gateway.

Data Redistribution: If a PAN has it's self defined as an Agent - will it redistribute to it' self?

Hello Live Community,

We want to create a template "base_config" which will program all PANs with the same User-ID, Group Mapping, configurations.
Part of that would be defining the all PAN's Serial numbers as Data Redistribution agents.

So my question

More information about SSL Decryption and PAN-OS 10.0

Hey guys, 

I just wanted to let you know that I have just blogged about "What is SSL Decryption" and wanted to call your attention to it. 

Please read it here if you have not already seen it:

https://live.paloaltonetworks.com/t5/blogs/what-is-ssl-dec