How does DNS Sinkhole actually works?

Hi Everyone,

i need your help to better undestand how DNS Sinkhole actually works.

I mean, i know how it works, how to configure it, but i'm facing a strange behaviour i cannot understand.

In the photo i have uploaded i have an example.

Both source and

QoS profile: Egress Max of Tunneled Traffic + Egress guaranteed of Clear(Regular) Text Traffic > Egress Max of Interface

Hi all,

I have some Platform: PA-850, PA-820, ...

I have configure QoS profile and apply QoS profile to interface (ethernet1/1) as attach files.

When configure QoS profile then: Egress Max of Tunneled Traffic + Egress guaranteed of Clear(Regular) Text T

Global protect for android phones using proxy

Could you please confirm if proxy is supported on the Android GP App. Our end users are using proxies on mobile devices including iOS, Chromebooks, and Android. It appears that only the GP clients on Android are having issues connecting. The GP clien

High amount of traffic to exchange server

We are seeing a high amount of traffic coming from outside public IPs to our exchange server. It's more than 2GB and sometimes more than 4GB of traffic. Initially, we blocked these IPs in firewall policy but every time after blocking the IPs, some mo

Assigning a link local IPv6 range to an interface

Hi team,

Does anyone know if it is possible to assign and use an IPv6 address that starts with FE80:: to an interface? (For example FE80::1/64) We can assign with no errors but the IP address is not pingable.

Thank you in advance.

Both the Vm Firewall was in active state

Hi Team ,

We have 2 Vm firewalls both the vm firewall are in Ha and in active and passive. The passive firewall base license and all the license have expired one week ago. The ha1 and ha2 link was showing and both the VM firewall was in active-active

SDWAN and Tunnel Monitor config

Hi All,

I'm trying to get my head around SD-WAN and tunnel monitoring, specifically SD-WAN AutoVPN creates Tunnels with tunnel monitor turned on with a destination IP of the other side of the tunnel and the Tunnel Monitor profile set to sdwan-default

Retro-fitting standard SD-WAN into existing firewalls

I want to deploy hub-spoke SD-WAN into my existing routers, but it says you must do it through Panorama.  It then wants me to create a template, add the router, interface, etc. and basically define everything to do with SD-WAN in Panorama.  The probl

Advertising default route in OSPF Totally Stubby Area

Hello,

I've setup an OSPF Stub area with the below options on the ABR:

- Accept Summary [ unchecked ]

- Advertise Default Route [ checked ]

However if I look at other neighbors in the area they are not received a default route pointing to the ABR. Is

Device groups out of sync for multiple firewalls

After importing a new firewall into Panorama all of the other firewalls are now showing out of sync. I believe it's because the box was checked that says "import devices shared objects into panoramas shared object context". When I tried to push to de

SYSTEM ALERT : high : Not enough space to load conent to SHM after upgrading PA820 to PanOS 10.0.3

Dear all.

I upgraded last night to PanOS 10.0.3 and this morning I'm getting error messages from the firewall:

SYSTEM ALERT : high : Not enough space to load conent to SHM

admin@xxx> show system disk-space

Filesystem Size Used Avail Use% Mounted on
/de

Tunnel interface show "Red"

Hi,

As iam facing the issue with  Passive firewall as interface status show "Red"

Moreover Tunnel monitoring is already disable still it's show red. As on the active firewall the it's show green,

Can you please advise.

User-id redistribution not working

I have user-id successfully configured on a fw, and i am trying to redistribute these mappings to panorama 

We are using the integrated Panos agent, 

i have created the the user-id collector name/pre-shared key on redistribution tab of the User-id Ag