Can't get Wildix phone book working - Source address shows as WAN IP not LAN IP!?

Hi all, where I work, we are having difficulty in getting the Wildix IP Phone Phonebook to work through our PaloAlto PA-220 firewall what we use for all SIP traffic. (Wildix is a make of IP phones we are using.)

I keep seeing dropped traffic like the

PA and ASA n route mode

Hi,

I have the below topology  

PA and  ASA are in routed mode . 

The first question is the design is valid? 

I am facing a problem in this design 

ASA says the secondary is failed  ,primary asa says the secondary and dmz zone interface failed 

Thanks

Secure web-GUI access for managment

Dears,

When i log in my firewall it is showing the connection not secure.

For secure connection login, i have gone through these documents and try to configure a secure connection for web GUI access.

How To Configure A Certificate For Secure Web-GUI

Panorama HA

Hi Experts, 

We've Panorama in HA mode running on 8.1 and due to some reason, secondary is now active. Once the primary is back, with the preemptive checked, primary is still passive. 

Can someone please assist why primary is still passive?

Note: pls

Global Protect issue with Windown server 10

The issue is that when I connected to a server through Global Protect, I can't connect to another server.
I have to disconnect from Global Protect and then connect to the desired server. So basically he can connect to one server at a time.

However, wit

Number of chassis

We've been using Minemeld hosted on AutoFocus and now I stood up a new instance based on the docker hub image paloaltonetworks/minemeld/latest. There is a difference in the "# of chassis" shown on the system dashboard - 2 for the AF hosted Minemeld a

SD-WAN internet link (DIA) monitoring

I have a PA-220 with dual ISPs (WiFi and LTE). I tried to configure SD-WAN for direct internet access (DIA). Both gateways (routers from both ISP) are localy connected via ethernet. As far as I know, SD-WAN pings the gateway IPs to calculated the lin

Problem with routing of NATted reply packets over IPSEC tunnel

I have an IPSEC tunnel to another organisation, they have two endpoints at the other end on addresses which conflict with our networks.  We can just focus on one to keep it simple.

• We have an IPSEC tunnel set up and passing traffic fine (tunnel.3 int

GlobalProtect SMB file transfer results in error for large files

We have some users that need to transfer large files on-preemies. When copying files shortly between 5-20% data transfer this error is thrown. Files are MultiGig in size. Small file around 100M that I tested did not show this error.  Copying to the s

Setup Azure MFA with Global Protect - NPS/ISE

I am building this new but don't have concrete steps to start with. What I understand until now is that we need NPS extension for MFA to work with Azure. We last year moved away from NPS as our radius server to Cisco ISE.  So do I have to figure out

User-id issue.

Hi All,

Firewall is 3050 with pan-os version 9.0.9-h1 we are using user-id agent as well as agentless for user-mapping.

Sometimes we are getting machine names instead for ip-address instead of source usernames.we have user-based security policy. Why d

Trouble with NAT and VPN

Hi there,

i want to finish an easy setup which needs a simple DNAT and forwarding into a VPN tunnel on my PA5020.

I've created a working VPN tunnel which is the destination for my traffic. And this works fine if i'm using the tunnel ip to reach targets

QoS and GlobalProtect

We have a use case where many users need to upload files on premises and these are very large video files to on-premises. We want to rate limit/control the organization bandwidth consumed by these users. What are our options. 

Also we use subinterface