General Topics

IP for Cluster HA Active Pasive

Hello,

We have a 3200 series HA cluster active/passive version 9.1.10.

The requirement is to access through a single ip always to the active node.

That is, I have an IP for the active node and another for the passive node but I want to configure a singl

GOOGLE MAPS WHILE BLOCKING OTHER GOOGLE SERVICES

Does anyone have any ideas on how to permit access to Google Maps but block access to all other Google services? I have tried using a rule matching the Google-Maps application however it requires google-base which allows many other Google services. I

Using PA-3220 for URL filtering to replace Barracuda Web Filter

We just got our PA-3220 and hoping to use that for our URL/Web filtering and discontinue our Barracuda Web filter.  Has anyone implemented the URL filtering with terminal server users?  

Can't access management console

I made a big mistake and not sure how to correct it.  We have a Palo Alto Firewall.  I wanted to white list an IP address so my PCI Scans would not fail.  I found an article but it seems it lead me a totally different direction.  It had me put the IP

GlobalProtect VPN - Multiple ISPs - Single Client IP Space Desired

Currently I have GlobalProtect Gateways on each of my ISP links which requires dedicated IP space for the clients according to PA documentation that client space IP pools shouldn't overlap.

I've recently been asked to grow the remote access pool to a

Now Open: Papers for the Ignite'21 Conference

Hi everyone,

I wanted to let you all know that Palo Alto Networks is now accepting Papers for the Ignite'21 Conference! 

Palo Alto Networks is looking for speakers and presenters with highly technical backgrounds who can share their experience an

PBF on a AE

Is it possible to have a failover PBF on a AE interfaces?

About license expired error in data filtering logs

Hello Guys,

One of my client is received the logs of data filtering with license-expired category. How to troubleshoot this issue?

Is it possible to force a specific user to use SSL over IPSEC to setup a tunnel to Globalprotect

One user of our company has an issue connection to the GlobalProtect Gateway using IPSEC, but there is also no fallback to SSL.

His ISP carrier is using "Carrier Grade NAT" and this is likely the cause of his issue.

I know that we can force SSL connec

Custom report analyse trafic on object

I want to check all my object addresses with zero traffic to clean up my flow rules.

Can I replace my sources and destination IP with an "all IP" setting ? 

Can you help me ?

section "Query Builder" does not work (see image)

URL Categories vs URL Filtering

Multiple questions - Recently we've found that traffic not within a URL category specified in a rule is being allowed. The rule appears to be allowing the traffic as the session starts and ends with the action of allowed determined. Would using the s