Vwire interfaces are flap

We have a Paloalto connected in vwire mode Cisco ASR1 is  connected on PA eth1/21 (Primary) and Cisco ASA (Primary)is connected on PA eth1/22. Same as Cisco ASR2(secondary) is connected on ethernet1/23 and Cisco ASA(secondary) is connected via Ethern

Overlapping Proxy ID"s

I have a IPSEC site to site VPN with a Check Point firewall.  In the Palo Alto I have networks / proxy ID's that overlap each other?  Can this cause issues?

For example I have:

Local                                                   Remote

192.168.50.

Broken SSL Inbound Inspection After July Windows Updates Enables TLS 1.3

I have been using SSL Inbound Decryption for over a year with options

1) Block sessions with unsupported versions

2) Block sessions with unsupported cipher suites

After applying Windows 10 updates to a reverse proxy server, it appears that connection t

DMZ server is not accessable by Global protect

Hello,

I have one server belongs from the DMZ zone.
Example:-
server ip- 2.2.2.2
source ip for VPN user - 1.1.1.1
VPN zone
DMZ zone

There is 2 scenerio:-
policy(1) - I have created a policy like:-
sourcezone- VPNzone
source ip - 1.1.1.1
destination zone - DMZ

Global Protect in Linux error

Hi,

We are trying to connect to our VPN using Global Protect client in a Fedora laptop. We have tested the following articles: https://docs.paloaltonetworks.com/globalprotect/4-1/globalprotect-app-user-guide/globalprotect-app-for-linux.html#

but we ar

what happens when in Palo Alto Firewall PA 3220 when licenses expire ??

Dear Valentin ,

The customer has several  firewall Palo Alto 3220  ;What will Happen when  the license expire  in November 2020 ?

Its very important to understand will be the limitations at that  moment .

The customer has  Premiun Support & Threat Pr

Best way to load balance to ISP with Global Protect

We have an active/passive 3020 and in from of them we have an A10 Load balancers. We want to change our current configuration so we can have a load balance between our two ISPs.

What is the best practice regarding the Palo Alto? Which would it be the

Radius configuration with multiple servers

Hi, 

      We have an issue that sometimes our Duo proxy stops responding to Radius requests from our Globalprotect solution. Our IT operation team blames Microsoft for the issue and they blame Duo. I found a blog describing a possible solution here h

Walking into a new environment

Hello -

Just looking for ideas on the best way to get the lay of the land so to speak when walking into a new environment.  

Is windows VPN client and split tunnel supported?

Dear community,

I configured Windows 10 vpn client to connect to the globalprotect gateway and it works fine, the only thing that it´s not working is split tunneling.

Cannot see the Access Route For Third Party Client on the gateway like this example

LDAP Filter for Included Groups

All,

We have a requirement from our directory team to use ObjectCategory LDAP filter instead of ObjectClass attributes.

However it doesn't look like an option for Active Directory included groups. Only seems to be an option for custom groups, but thi

CDL - Disconnect from log server

Has anyone else experienced many more "Disconnected from Log collector Server" alerts since the CDL Migration to GCP? I used to get one every now and then but since the change, it's increased dramatically.  Every time I check, the firewalls are loggi

display issue for filter user.src on different vsys(include all vision)

Hi Guys

We got the issue for display src.user of different vsys(include ALL),

for example, when I filtering src.user(abc.com\CDE) on traffic tab of vsys1, then unsuccessful displayed blank src.user on tab, but when I clear filter index, we can see spe

internet ipv6 to on-premise ipv4 nat

Hi all,

there is a domain abc.com and there is an ipv6 dns record for that.so when using ipv6 from cloud is it possible to destination nat this to the ipv4 server inside.

I know as a workaround we can add an ipv6 ip to that server but it is not possi

Devices Stopped Sending Logs to Panorama

We have five (5) devices managed through Panorama. Two of them are still generating logs, while three of them have stopped sending logs. Please assist.

it the logs Stops to receive from the device and The traffic and threat logs can be viewed when lo