phase-2 sa purge mismatch SPI:0x00000000/0x07A04C1A

i am able to establish tunnel with vendor

can ping the vendor lan ip

but ikemgr shows

2019-05-02 13:01:54.000 -0600 [PWRN]: { : 94}: phase-2 sa purge mismatch SPI:0x00000000/0x07A04C1A.

VPN tunnel and NAT rules

I have to create a VPN tunnel between two businesses.  The main objective is that company A needs to provide access to the following subnets to company B:

10.10.1.144/28

10.1.2.144/28

I've got all the tunnel info set up, and there is just a public IP

shared policy for device group context

Hi , can anyone help me to confirm whether we can create shared custom policy for dedicated device group context 

We want to hear your thoughts - Enhanced LIVEcommunity Experience

Now that the enhanced LIVEcommunity experience is live, we want to hear your feedback and also help address any questions you may have! Please use this discussion post to share your thoughts or ask questions. 

You can find a walkthrough of all of t

Traffic to one internet IP address to use specific interface and WAN IP

Afternoon all!

I'm sure this is easy on our PA850 firewall but I can't figure it out.

Interface setup

• ethernet1/1 - Internal networks - Zone LAN
• ethernet1/5 - Primary internet line with /27 IP range - Zone WAN
• ethernet1/6 - Secondary internet line with

How to migrate from a PA-7050 to a PA-5250

Hello,

I'm looking for information on how to migrate from a PA-7050 to a PA-5250.  Is there any best practice documentation on how to make this transition?  I am looking for the steps to migrate.  I have migrated PA-500's to PA-820's, but haven't don

SNMP bug in Pan-OS 9.1.8

I monitor the following parameters with SNMP V3 using PRTG:

pan zone active other ip cps

pan zone active tcp cps

pan zone active udp cps

Since the upgrade from 9.1.7 to 9.1.8 these parameters can no longer be read. After downgrading to 9.1.7 it works aga

iframe support for PA 7050 firewall webUI?

We are setting up a single pane of glass to monitor multiple systems. The software uses a web browser and iframes to connect to the other systems. Some sites work and some don't. The PA 7050 firewall console in particular returns a "refused to connec

Recommended version for PAN-OS 3020

I appreciate you being able to advise me on updating the software version to which i can safely upload and according to our PA-3020 HA equipment model, we are currently in version 8.1.15-H3.

Regards,

Steven Herrera

Is Palo Alto Globalprotect Always On mode possible only for the portal?

Hello to All,

Is it possible to set the Globalprotect Always-ON mode enable Single Sign On, so that the user automatically logs into the portal but after that the user to need to authenticate to the gateway?

The idea is that for the portal and gate

DNS Proxy inheritance source

I want all devices on one of my interfaces to use my DNS servers, regardless of their configuration. Seems pretty simple, but I'm stuck.

I can edit and OK/OK out of the DNS proxy dialogs (PANOS 4.1.2), but commit fails with "Inheritance source needs t

GlobalProtect OCSP validation not working

Hi,

OCSP verification configured in a Certificate Profile on my Palo Alto 3020 doesn't seems to work.

My GlobalProtect configuration with pre-logon is working with machine certificate but when I want to see the status of the OCSP cache on the Palo, I