Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature
...
I'm trying to get pxe boot to work through the firewall. Now options 66 and 67 are available in palos dhcp server but I can't get it to work anyway.
Besdies normal dhcp options I've setup option 66 with IP and ip-address and option 67 with ASCII an
...
Hello Team,
Curious if anyone has Meraki and a PAN setup. We are trying to to link our remote sites to the data center. At the remotes the meraki is the router then in the data center we have the meraki behind the the PA. We can establish a VPN tunnel and pin
...
I have a Pa220 and its using DHCP for untrust interface. I have followed about 40 documents and knowledgebases and still have no success with connecting my iphone to the palo via global protect. I am using self generated cert. I have collected the lo
...
Hello,
So this is a document: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhJCAS
Which states:
We have M500 and syslog server getting all the traffic logs.
What we want is do not send DNS logs to M500 only to Syslog server.
Need to know how can i config this ?
Currently we have single log forwarding profile.
What will happen in that case when DNS server becomes unreachable ?
Would destination server be unreachable ?
Possible solution if DNS server gets unreachable.
I'm running PanOS 9.0.3-h3 and I'm creating some new Security Policies.
I like that I can see what applications are getting hit in the rule.
My only problem is that while I'm testing, I seem to have to wait overnight for the Applications Seen to get u
...
I want all satellites to route all traffic through VPN tunnel when it's available. In GP gateway if I leave Access Routes emtpy or if I publish 0.0.0.0/0 to the satellite I get the default route with metric 100 on the atellite. But that means the sta
...
Is it possible to add the apps seen by the policy optimizer to an application group already created? I feel like this should be easy, but I can't seem to be able to do it. It appears you can create new app groups but cant add to current? Am I missing
...
We are getting alerts for "HA Group 5: Anti-Virus version continues to not match after device update". Upon checking the AV version is mismatch between primary and Secondary FW.
We are using PAN-OS 8.0.16
Why is this happening and how to fix this?
Thank
...
On PA 5520 with active passive mode is it possible to use HSCI port for HA2 connection if distance between active and passive PA is 30 km.
I read some QSFP+ transceiver support 40km with single mode?
Need to confirm here if this is possible ?
Hello -
Originally, I was going to setup GP with RSA MFA using this document: "RSA SECURID® ACCESS Implementation Guide Palo Alto Networks Next Gen Firewall 8.0"
It is written by RSA and is woefully lacking in detail and after seven hours on the phone
...
I have a SNMP server doing a backup regularly of my firewall's configuration.
At present, I have super-user permissions on that account. What are the least privileges needed for this type of account? also, any best practice to protect the access?
thank
I am testing multi vsys configurations in my lab and noticed that I am unable to use a source/destination zone of "any" in the device group security policy associated with vsys2. The default vsys1 accepts "any" zone. When I attempt to commit/valida
...
TomYoung
on:
Confused about QoS on Palo, need some assistance.
TomYoung
on:
Static Port Address Translation question
TomYoung
on:
what is the cli command for checking last failover
reaper
on:
SSL inbound inspection certificate issue
