Palo Alto aws Deployment

Hello guys

I'm honestly a noob. I just set up a palo alto vm series bundle 2 on my aws with 3 interfacer.

eth 0/0 for management

eth 1/1 for the public subnet

eth 1/2 for the private subnet

I've been trying to set up a wordpress server on the private sub

ikev2 with cisco Router using certificate problem

after I finished the ikev2 configuration(using Distinguished Name (Subject) from PAN and Cisco Router using identity local dn ), I got this isse:

received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) d

SSL inbound inspection

Hi Team,

I am facing the issue in SSL decryption intermittently. For the transaction website.

traffic flow for the SSL inspection is:-

Outside user ------> Paloalto--------->Load balancer-------->Application server.

In the destination NAT translation,

PA Migration from 5050 to 5220 with below requirement-Suggesstions Request

Hi Team,

I have to Migrate PA from 5050 to 5220 for data center firewall.

We are using ASA for Internet.In PA data center firewall we have 2 vsys 1 for internal  another for DMZ.

Now the planis DC firewall we are migrating to 5220 afterthat ASA replaced

Does updating definitions/antivirus cause any downtime?

I have a new PA-3020 that is inline on my network, meaning if it goes down then so does my network.  
Because this PA-3020 is inline I was worried about updating the definitions (only two weeks old right now), and I was not sure if during a definition

PA Firewalls HA Active-Active Routed design with BGP

Hello Everyone,
I'm designing an edge network with Active/Active HA. After reading the PA documentation, I found Active/Active Routed based redundancy design which seems best suited for our environment. However the topology shown in Docs is a square m

DNS Query

Can we configure firewall will allow only one response for one dns request packet. Please suggest

Not able to Ping

I have l3 switch , new vlan is created and its default gateway is PA FW..A machine when connected to trust interface eth1/2 is able to access the internet...but when machines are connected to switch with trust IP range,internet is not working.

My ma

Anyone run into a issue where Client Certificate does not get presented to GP if its in the Local Ma

Hi

Anyone run into a issue where Client Certificate does not get presented to GP if its in the Local Machine Store? I tired giving the user perm but this didnt fix it. Only way to resolve it is to move the cert to the user store, which I dont want to

Regarding Wildfire analysis

Hello Guys,

I am preparing for a PCNSA exam and practicing my labs at NDG portal. It is running version 9.0.1. Except for the File from the lab guide the firewall is not sending any other files to Wildfire for analysis. Is their some other things i s