Incomplete sessions for NATTING/Access to different site DMZ

Hi All,

I am having a complex and tricky setup that require NATTING and host web server in different network/site DMZ, I know it is not best practice but hope you can help:

Here is topology:

Site A zones: Trust, Untrust and DMZ with their own public IP

Palo Alto aws Deployment

Hello guys

I'm honestly a noob. I just set up a palo alto vm series bundle 2 on my aws with 3 interfacer.

eth 0/0 for management

eth 1/1 for the public subnet

eth 1/2 for the private subnet

I've been trying to set up a wordpress server on the private sub

ikev2 with cisco Router using certificate problem

after I finished the ikev2 configuration(using Distinguished Name (Subject) from PAN and Cisco Router using identity local dn ), I got this isse:

received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) d

SSL inbound inspection

Hi Team,

I am facing the issue in SSL decryption intermittently. For the transaction website.

traffic flow for the SSL inspection is:-

Outside user ------> Paloalto--------->Load balancer-------->Application server.

In the destination NAT translation,

PA Migration from 5050 to 5220 with below requirement-Suggesstions Request

Hi Team,

I have to Migrate PA from 5050 to 5220 for data center firewall.

We are using ASA for Internet.In PA data center firewall we have 2 vsys 1 for internal  another for DMZ.

Now the planis DC firewall we are migrating to 5220 afterthat ASA replaced

Does updating definitions/antivirus cause any downtime?

I have a new PA-3020 that is inline on my network, meaning if it goes down then so does my network.  
Because this PA-3020 is inline I was worried about updating the definitions (only two weeks old right now), and I was not sure if during a definition

PA Firewalls HA Active-Active Routed design with BGP

Hello Everyone,
I'm designing an edge network with Active/Active HA. After reading the PA documentation, I found Active/Active Routed based redundancy design which seems best suited for our environment. However the topology shown in Docs is a square m

DNS Query

Can we configure firewall will allow only one response for one dns request packet. Please suggest

Not able to Ping

I have l3 switch , new vlan is created and its default gateway is PA FW..A machine when connected to trust interface eth1/2 is able to access the internet...but when machines are connected to switch with trust IP range,internet is not working.

My ma

Anyone run into a issue where Client Certificate does not get presented to GP if its in the Local Ma

Hi

Anyone run into a issue where Client Certificate does not get presented to GP if its in the Local Machine Store? I tired giving the user perm but this didnt fix it. Only way to resolve it is to move the cert to the user store, which I dont want to