Resolved! Configuration Migration Tool?
All,Is there a tool to migrate the configuration of a 5050 running 8.1.11 to a 5220 running 9.0.x? Regards, John
All,Is there a tool to migrate the configuration of a 5050 running 8.1.11 to a 5220 running 9.0.x? Regards, John
Hello, I'm looking for information on how to migrate from a PA-7050 to a PA-5250. Is there any best practice documentation on how to make this transition? I am looking for the steps to migrate. I have migrated PA-500's to PA-820's, but haven't done the larger machine migrations yet.Any help is greatly appreciated.
I monitor the following parameters with SNMP V3 using PRTG:pan zone active other ip cpspan zone active tcp cpspan zone active udp cpsSince the upgrade from 9.1.7 to 9.1.8 these parameters can no longer be read. After downgrading to 9.1.7 it works again.Seems like a bug to me. Or did I mis something?
We are setting up a single pane of glass to monitor multiple systems. The software uses a web browser and iframes to connect to the other systems. Some sites work and some don't. The PA 7050 firewall console in particular returns a "refused to connect" message, even before you get a login prompt. By contrast, opening up a tab in the same browser...
I appreciate you being able to advise me on updating the software version to which i can safely upload and according to our PA-3020 HA equipment model, we are currently in version 8.1.15-H3. Regards,Steven Herrera
Hello to All, Is it possible to set the Globalprotect Always-ON mode enable Single Sign On, so that the user automatically logs into the portal but after that the user to need to authenticate to the gateway? The idea is that for the portal and gateway different authentication methods are used and the gateway authentication method does not use ...
Hi, I'm brand new to PA firewalls. Have a new pair of 3220's in active-passive HA. This is not in production. We are using them to learn on and eventually, hopefully later in the year move to production, replacing an active-passive Cisco ASA. I have two 10gbps fiber links to both our core switches in an mlag at the switch (so it looks like a ...
I want all devices on one of my interfaces to use my DNS servers, regardless of their configuration. Seems pretty simple, but I'm stuck.I can edit and OK/OK out of the DNS proxy dialogs (PANOS 4.1.2), but commit fails with "Inheritance source needs to be specified."The only option I have for "Inheritance source" is "None." I can only choose "Inh...
Hi, OCSP verification configured in a Certificate Profile on my Palo Alto 3020 doesn't seems to work. My GlobalProtect configuration with pre-logon is working with machine certificate but when I want to see the status of the OCSP cache on the Palo, I've an unavailable status : debug sslmgr view ocsp allCurrent time is: Thu Feb 2 10:21:28 2017Cou...
Hi everyone! I have a question about PA virtual router logic. For example, I have two static routes 0.0.0.0/0 AD 10 metric 10 next hop 1.1.1.10.0.0.0/0 AD 10 metric 10 next hop 2.2.2.2 ECMP disabled. All dynamic routing protocols are disabled. Which of these two routes will be chosen and why? Does anybody know how the firewall selects the route ...
Hi guys, Is there any way to find out stored log size per day? on show system logdb-quota command, there are full data stored size there.I'd like to know how much size for log storage per day. Thanks,
Hello Friends ! I am new to palo alto network ,i starting to understand and learn palo alto network firewall some time back .I have setup a firewall panos 9.04 on ubuntu with kvm using bridge connection and vlan ( i want to setup a passthroguth but due to iommu group i am fail to do so)my isp (with rj 45) is providing me dhcp address with vla...
Is it possible to access a GlobalProtect gateway using the strongswan client on Ubuntu 16.04 LTS? I am trying to use ikev2 and use certificate authentication. PA guidance suggests it is possible using Ubuntu 14 and PAN-OS7 but I can see no guidance for later versions.
I am trying to setup prelogon and have a question about the sec policies described in Step 2 of this guide: https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-quick-configs/remote-access-vpn-with-pre-logon.html I assume the source zone would be VPN (applied to tunnel) and the destination zone is Trusted (inte...
Hi Gang, First, thanks for having a look and a big thank you for taking the time to respond. I recently created a security policy rule that blocked outside-outside zone traffic. I did this due to outside traffic that did not match any NAT rules, for some reason, ended up matching the intrazone-default rule. Although this effectively allowed such...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 5 | |
| 4 | |
| 3 | |
| 3 | |
| 2 |

