High Availability

The Palo Alto instructions to set up High Availability are fairly straightforward, but the devices upstream and downstream barely get a mention. In our case, downstream we have two Cisco switches and multiple VMs attached. Upstream are two Cisco swit

EDL object not showing up on dropdown list in policy rule

Hi,

PAN version 9.1.0, no Panorama.

I created two EDL - one of type IP List and one of type Domain List.

Both EDL point to an internal webserver which holds the lists.

Both EDL pass the "Test Source URL" check.

The IP list works fine, we put it an a poli

BGP Configuration Help

Hi

I am not a network engineer by no means and have setup basic BGP in the past with various peers with the peers being the source of truth for all routes.

I have a situation were our primary firewall has been using static routes for everything, defaul

what is the meaning of "tcp client reset via TCP responding rst" output in global counter

We are not able to connect VPN hosted in vpn_dmz zone.

We have deployed third party vpn in vpn_dmz zone and configured inbound nat for same.

Its old setup , all of sudden we are unable to connect vpn intermittently.

did pcap for vpn public ip , showing

Advice on using MFA between Duo vs. Azure MFA vs. Okta

Anyone setup MFA on Global using Duo, Azure or Okta?

Just looking for a pro/con list concerning the following items:

• ease of setup/config
• cost per user
• ease for end users
• any other concerns

Palo Alto Networks Announces Prisma Access 2.0

Palo Alto Networks announces Prisma Access 2.0, expanding the industry’s most complete cloud-delivered security platform.

Prisma Access is the only solution that protects all apps with best-in-class security while delivering an exceptional user exp

Simulate SIP Traffic in Lab

Hello Everyone, 

Like most on this form, I believe I am having issues with SIP, which is causing some soft phones to reset. I have started gathering a list of possible fixes that have been posted by the community and Palo Alto. I want to try these fix

Decryption Certs

Does anybody know if we support separate Decryption Certs in a multi VSYS environment? I have an MSP who wants to use different Certs from each of their customers. 

Thanks

Papercut Mobility Print - NG-Firewall - Application

We are moving more and more from Citrix, to working on the laptop. A lot of out users are used to "printing" there documents for the next day, so when comming into the office, they just walk to the printer, present there RFID-tag, and presto.

We us

Web sessions getting blocked when session switches user ID mid stream

Let me first preface this by saying I am not our network admin, and I have no access to our Palo Alto devices, but since the teams here that are supposed to be managing them cannot be bothered to look at our issues, I wanted to see if this community