Lot of non-syn-tcp

Hi Experts,

we have a lot (I mean a LOT :-)) of non-syn-tcp traffic on our PA5220 cluster. The PA is in an enterprise company. 

Are we sure that the non-syn-tcp means that there is an asymmetric flow? Let me give you an example:

1) Host A sends a SYN

Report of Number of concurrent sessions per day / month

Hi all,

I was wondering if it would be possible to have a report that on a daily base (with a monthly overview) would should me the average amount of concurrent sessions for that period, based on a specific virtual wire or interface.

I noticed that t

Can't get Wildix phone book working - Source address shows as WAN IP not LAN IP!?

Hi all, where I work, we are having difficulty in getting the Wildix IP Phone Phonebook to work through our PaloAlto PA-220 firewall what we use for all SIP traffic. (Wildix is a make of IP phones we are using.)

I keep seeing dropped traffic like the

PA and ASA n route mode

Hi,

I have the below topology  

PA and  ASA are in routed mode . 

The first question is the design is valid? 

I am facing a problem in this design 

ASA says the secondary is failed  ,primary asa says the secondary and dmz zone interface failed 

Thanks

Secure web-GUI access for managment

Dears,

When i log in my firewall it is showing the connection not secure.

For secure connection login, i have gone through these documents and try to configure a secure connection for web GUI access.

How To Configure A Certificate For Secure Web-GUI

Panorama HA

Hi Experts, 

We've Panorama in HA mode running on 8.1 and due to some reason, secondary is now active. Once the primary is back, with the preemptive checked, primary is still passive. 

Can someone please assist why primary is still passive?

Note: pls

Global Protect issue with Windown server 10

The issue is that when I connected to a server through Global Protect, I can't connect to another server.
I have to disconnect from Global Protect and then connect to the desired server. So basically he can connect to one server at a time.

However, wit

SD-WAN internet link (DIA) monitoring

I have a PA-220 with dual ISPs (WiFi and LTE). I tried to configure SD-WAN for direct internet access (DIA). Both gateways (routers from both ISP) are localy connected via ethernet. As far as I know, SD-WAN pings the gateway IPs to calculated the lin

Problem with routing of NATted reply packets over IPSEC tunnel

I have an IPSEC tunnel to another organisation, they have two endpoints at the other end on addresses which conflict with our networks.  We can just focus on one to keep it simple.

• We have an IPSEC tunnel set up and passing traffic fine (tunnel.3 int

GlobalProtect SMB file transfer results in error for large files

We have some users that need to transfer large files on-preemies. When copying files shortly between 5-20% data transfer this error is thrown. Files are MultiGig in size. Small file around 100M that I tested did not show this error.  Copying to the s

Setup Azure MFA with Global Protect - NPS/ISE

I am building this new but don't have concrete steps to start with. What I understand until now is that we need NPS extension for MFA to work with Azure. We last year moved away from NPS as our radius server to Cisco ISE.  So do I have to figure out

User-id issue.

Hi All,

Firewall is 3050 with pan-os version 9.0.9-h1 we are using user-id agent as well as agentless for user-mapping.

Sometimes we are getting machine names instead for ip-address instead of source usernames.we have user-based security policy. Why d