Management interface routing

I'm working on isolating the management interface onto its own network. The firewall will be the router for this traffic and the network switch it connects to will be L2 only. If my management IP is 10.10.20.10/24 and the gateway is 10.10.20.1 where

Phase 2 tunnel status

Please excuse me as I am still learning and am relatively inexperienced. I assume the phase 2 status can be red for following reasons (assuming IKE phase 1 is all correct and working) Authentication, Encryption, DH settings being incorrect/mismatche

FW in Palo IP changed

Hello -

I have an HA pair of palo's that were added to Panorama. The management IP for each of those palo's has changed and are now showing in a disconnected state. How can I correct this?

 
Thanks in advance.

require admin users being member of LDAP groups

Hello

We are using LDAP for authentication of the admin users (for Panorama as well as the firewall nodes).

Is it possible to adjust this, enforcing the user being a member of a specific AD group?

Last info found was regarding PAN-OS 8.1 (https://live.p

Setup VPN Global Protect DynDNS

Setup VPN Global Protect DynDNS

Dear community:

Good afternoon, is it feasible to be able to configure VPN access with Global Protect, on a Palo Alto with the following scenario:

Palo Alto with:
-Public IP Dynamically ( DHCP )
-Firewall configured with t

wildcard fqdn for destination in security policy. FQDN for  abc*.def.com

Team , I have a question about something that I guess is not possible to configure but will like to confirm if possible . My client want to allow  Internal NW 10.0.0.0/8 to FQDN abc1.def.com port HTTPS , this is normal and I have a few of this rules

Specific Action change on Individual Signature

Hi Experts,

We've configured a Vulnerability profile with the Action of Default. For the Windows Print night mare vulnerability (Version ID: 8424, signature ID:91333) and the CVE ID: CVE-2021-1675 I see the default action is marked as 'Alert' which wi

URL filtering

I have one query it is necessary to add a URL Category to add in URL Filtering Profile or I can add a separate URL category in the Security policy without adding any URL filtering Profile.

for example, I Create a URL Category name test which having so

how can we confirm if there is existing firewall rule or not in the policy by filtering by source and destination IP address and port numbers.

I can find existing firewall rule in the Firewall policy by searching by just source IP address or Just Destination IP address but our Firewall policy rule base is huge and i need to filter it by Source IP and destination IP address (both) and possib

Web Activity Monitoring for BYOD School

Hello All...

We are looking for a solution for a medium sized private school (k -12) to track users web activity. We'd want to be able to go back a week or so..nothing crazy. But would love to be able to get a report on a site\url and see what user

Bind 2 separate IPSEC tunnels to separate ISPs

I am trying to setup a separate IPSEC tunnel to a new ISP while keeping the rest on the old ISP.  I am doing this as a test.  My issue is lack of connection.  The message I get from the logs is that it try's the connection then I get another saying i

VPN Ipsec SitetoSite DynDNS

Good afternoon everyone, a question, is it possible to set up a Site-to-Site VPN between two sites with Dynamica IP, but that have each their FQDN with DynDns services.

Example:

Site 1: FQDN: mysite1.dynalias.net ( DynDNS )
Site 2: FQDN: mysite2.dynalia