HA1-Backup connection down

Dear Team,

We got the below error continuously, Crosschecked HA configuration is good only.

Pan os: 9.1.3 Device: 3020

2021-09-07 08:30:32.699 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2870): Ending monitor increase holdup on

Vpn in Thailand and Asia

Is there anybody working from Thailand using Global Protect vpn?
I heard that the country can block vpn connection. While my company's configurations allow me working from Thai.

I'm planning to relocate and want to make sure i can work from there.

Would

issue if there is a one certificate profile for Windows User-ID agents and Terminal Services (TS) agents

As per below image You can only assign one certificate profile for Windows User-ID agents and Terminal Services (TS) agents.

We want to enable secure communication only between User-id agent and firewall , so we will import server certificate only in

no internet access when VPN Ipsec Xauth PSK is connected

VPN connection by Ipsec Xauth PSK, not permit access to internet when the device is connected to VPN

CPS calculation per server

High Availability question

Hi all,

This is my first post on this forum. I am also a brand new Palo Alto customer and we just purchased a pair of 3220 firewalls.

As the subject says my question revolves around HA as I would like to start putting together a plan for design and d

Anyone have issues with 10.0.6

Just kind of a broad general question, but has anyone had any issues going from 9.1.x to 10.0.x in a large environment? Or would the preferred 9.1.x version be the way to go?

PaloAlto integration with external sandbox

Dear Team,

Appreciate your support for the below.

Can we have integration with external sandboxes such as TrendMicro sandbox (DDAN) through API?

Thanks in advanced

Show Shadow Rules 2021 Post

Hello -

I saw a post about this from 2012 and the answer was basically no.

Well, it's been nine years now and I'm hoping there is a way to view shadow rules without doing a commit.

Block malicious domains at interface level

Hi Team,

I have a concern where is there any way to block malicious domain based or malicious ip based traffic ingress through the firewall to trust zone or dmz zone from untrust zone to be blocked at interface level even before it reaches to pbf or

GlobalProtect breaks internet access

hello guys,

Did some of your GP uses complain that they lost the internet after GP connected?

It just happens recently and for some users only.

GP version is 5.2.7

Thanks

Regarding blocking unknown or malicious domains or malicious user

Hi Team,

I have a query where i need to block some unknown attacker or someone malicious from external trying to access my internal network or DMZ.

I need to ways to block or deny those specific traffic. We have enabled country based block, we have IP