Trouble routing VXLAN traffic as it enters the outside interface

Hello community,

I am attempting to create a VXLAN over IPSec solution between my PA-3250 and a remote Fortinet FortiGate 61E. I have managed to get things configured correctly on the FortiGate (I think) as I am seeing the traffic entering on the Palo

Want to use IPv6 for bi-directional nat for VC.

Hi,

Want to use ipv6 for bi-directional natting only for VC. Want to know the procedure on how to configure it.

I have tried https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/nat64/configure-nat64-for-ipv6-initiated-communication.h

PA OOB Managment Interface question

How can I get PAN updates via the MGMT Interface if its on an isolated network inside my organization. NOTE: Its not on the internal zone. The route is working as i can see my packets leaving via egress when i ping from the host connected to the MGMT

How to control reverse DNS lookup through DNS SecurityLicense

The user was trying to send a mail from internal to external domain but it is blocking by sinkhole because it is showing as malicious traffic, however, we are able to receive from that malicious domain, Can we block reverse mail from an external serv

FTPS connection impossible with AntiVirus, AntiSpyware or vulnerability protection is enabled

I have an FTPS server behind the PA. When I enable either AntiVirus, AntiSpyware or vulnerability protection with default profiles it is impossible to connect to the FTP server over TLS. The below errors are seen. When I disable these protections I'm

How to submit incorrect app classification?

I'm having some difficulty navigating this site. I want to submit the application "Xbox Music" as streaming music (http://music.xbox.com). Currently it's being classified under "xbox-live" (online gaming).

Registering a PA-850 (won't allow me to register the device)

Hello everyone, 

My company recently purchased a used PA-850 from an Ebay listing. I have been trying to register the device so I can update the OS Version.

However, when we attempt to register the PA-850, the system throws an error saying it is unab

How to force GlobalProtect user to always connect to portal

Hi Guys,

For couple of reasons, recently I started to think - Is there a way to force the users to always connect to the GP portal first and don't use saved gateway config?

I have noticed that we have lots of users connecting straight to the GP gatew

Not able to push and commit from the panorama.

Dears,

I have added my firewalls in a panorama. but sometimes i am getting the below commit error:-

VPN-SSL is not a newly created object. it was there since i added the firewall in the panorama. And the issue occurs intermittently.

Panorama version -

Múltiple Proxy ID PAN - Migration from FG using group address.

Hello guys!

I'm on a manual STS VPN homologation from fortigate, and I have address pools declared in the encryption domains, which translates to too many proxy id's for palo alto, is there any way to configure this without having to generate so many

Office 365 stmp relay

Allowing Office 365 smtp relay FQDN as a destination address in policy. but not working. any suggestion.