Configure HA1/HA2 command line
Need to configure the following in CLI:Control Link (HA1)Port ha1-a Control Link (HA1 Backup)Port ha1-b Data Link (HA2)Port ethernet1/1 Data Link (HA2 Backup)Port ethernet1/2 Any insight would be appreciated.
Need to configure the following in CLI:Control Link (HA1)Port ha1-a Control Link (HA1 Backup)Port ha1-b Data Link (HA2)Port ethernet1/1 Data Link (HA2 Backup)Port ethernet1/2 Any insight would be appreciated.
Do the power supplies within the PA-5250 load share? This is probably a real simple question but I have not found an answer within the documentation yet? Thanks!
Hi,I've done this successfully in the past, but cannot remember the proper order. I have a PA-200 that I want to replace with a PA-220. The PA-220 is in Panorama, its a device group + template. Should I1) configure the PA-220 with basic ip connectivity to Panorama, add the serial add it to the device group, template, push the config and then ...
The firewall is running 9.1.4 (5250). The mgmt interface does not have general internet access so service routes have been configured for the following to use the external interface (internet connected): DNSEDLNTPPalo Alto Networks ServicesURL Updates Policy is created to allow outbound traffic to the internet sourced from the external IP (NAT ...
Hi all, I have an upcoming deployment and I need your inputs here. I will be replacing a fire that is configured in HA Pair with a PA-3220 non HA pair. The core switch of the client is configured as a active-passive (NX-OS). My concern is, can I enable LACP on Palo Alto side and make it a routed interface and assign IP to it and on the nexus s...
This is a confusing issue because it's NOT happening on other machines within the same network (same ISP, etc). I go as even as far as testing on a virtual on the same machine that is having the issue within the host operating system. I'm not getting this error within the Virtual, but getting it on the host OP that is the same machine. I was ...
Multiple logs are generated for LACP on passive firewall , but not sure whether this event generated due to layer 1 issue or config issue at switch end. We never faced this king of issue , this log are generated all of a sudden on passive firewall. Looking for exact meaning for below events . PFA image1. Link-down2. nego-fail3. lacp-up there is ...
I am putting in a Jabber system using Expressway-E and C. My Expressway-E server is NAT'd through the PA-3020 and I have a security rule set up to allow the required ports in on the Public address. If I make a call IN from an external Jabber client it goes through fine. If I try to make a call OUT from a phone to a jabber client, the call does n...
Hi Guys, We have to upgrade firmware of our PA FWs in Active-passive Cluster (It's first time). Referred some online available documents to get familiar with upgradation process but all of them have difference at certain steps (I mean they are not unique). requesting if anyone can share the easy and effective straight forward steps (preferably ...
Hi, How do I get access to below link?https://live.paloaltonetworks.com/t5/learning-articles/packet-flow-sequence-in-pan-os/ta-p/56081 I usually get below message when I try to access learning articles on PA. I'm registered as a customer. Any ideas please? You do not have sufficient privileges for this resource or its parent to perform this acti...
Hi All, Referring my prior discussion Subject - "Firmware Updation A-P" , We have below configuration enabled on Link & path monitoring configuration at this moment, have a look on screen shot. Will this be sufficient to trigger auto failover to Passive , if in case we can disconnect / disabled any of the directly connected interface from A...
I have a requirement to allow the internal NTP servers to sync with ONLY US.pool.ntp.org. I have tried creating the rule 2 different ways.Create a address object using FQDN for us.pool.ntp.org and use that in the rule destination.This doesn't work as there are like 500+ ips behind that poolCreate a custom URL category for us.pool.ntp.org and us...
Hello , I have a requirement , Currently both Internal and external users ( both are AD users) connect to GP via their AD user name and Password Requirement is enroll Machine certificate to Internal Users and a Common Certificate issued by Palo Alto Generate Root CA to all External users Internal Users are having Machine Certificate issued by P...
Hi, i have distribution , core ,access layer data center are connected to core , Need to setup data center firewall In data center we are following 192.168.0.0 /16 in distribution 10.0.0.0/8 So what should be my managemnt interface ip address . I should choose one of the datacenter network ip address ? Thanks
I have a server that connects every 10 minutes to an SFTP server. I would ideally like to know when it is done for the day. So I setup an email server profile and started on a Log Forwarding object. It does not really have to be a log, just and email that says "Oi the server is done for the day". The server connecting is a third party so I c...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |

