IKE Certificate Authentication Peer ID

Hi,

Im trying to setup a VPN connection using certificate based authentication. When Phase 1 tries to establish I'm getting the following error

Are EDLs updating from passive device?

Dear community,

We´ve configured a couple of external dynamic list (IP and URL) on a local minemeld server and the passive device fails to fetch those lists.

Error obtained is: "Unable to fetch external dynamic list. Couldn't connect to server. Usin

HA1 and HA2 Links

Hi Guys,

I have configured each of my HA links to have backup links. I would like to know, are the backup links also sending and receiving traffic like port-channel in which both ports are active? Especially the HA2 if we want to have 20G or more link

IPSec VPN and Dead Peer Detection (DPD) in IKEv1 and Liveness check in IKEv2

I have two different IPSec VPN tunnels between a PAN and two different Cisco devices, let call them R1 and R2, as folllows:

PAN IPSec IKEv1 <<---->> Cisco R2 IKEv1

PAN IPSec IKEv2 <<---->> Cisco R1 IKEv2

I enable Dead Peer Dection (DPD) in the IKE gat

GlobalProtect: The server certificate is invalid

I am trying to configure GlobalProtect (hereafter: "GP") TLS VPN on a PA-3050 running PAN-OS 8.0.6-h3. I am working with a GP client version 4.0.5.

I have successfully configured GP so that I am able to connect when using a self-signed certificate

PPPoe connecting to Centurylink / Qwest

I am replacing ASA boxes with PA. Currently the DSL modems are set up in "transparent" mode. This means that the firewall makes the "call".

The ISP assigned a block of static IP's and at least in case of the ASA I do not need to specify anything else

PPPOE Not Establishing

I am trying to connect a Palto Alto (in Ebano, Mexico) via PPPOE and it will not connect. As described in the PA doucment the interfeace is tyring every 3 seconds but getting the following "'PPPoE session failed to connect for user:u1st on interface:

Permissions for dependent application under parent application to inbound destination

Hi All,

I am in the process of migrating from Lotus Notes to O365.  The migration requires a ton of IP's being permitted from the outside inbound to my migration servers in my data centers. Rather than call all of those IP's, I am instead permitting

Sip ALG

Hi community,

I have seen lot of Palo Alto documents and some blogs saying about ALG functionality issue in firewall.
I am facing some issues randomly with ALG functionality in firewall, I have seen documents says to disable ALG in PA, but my sip serve...

HA Upgrade Path 8.1 to 9.1

I have an HA pair of firewalls on 8.1. Do I need to upgrade both to 9.0 and then 9.1 or can I upgrade one all the way to 9.1 and then the second from 8.1. to 9.1?