Logging Bittorrent File_Names

Probably a bit of weird question this one, but as the Evil Firewall Admin at an academic institution I sometimes get asked weird questions so I thought I'd pass the joy onwards. We have a researcher who is interested in data on piracy, and I thought

ipsec vpn both primary and secondary both firewall tunnels are up

passive firewall
Active firewall.
===============================================
we did failover from secondary firewall to primary.
After failover Primary firewall all vpn tunnels came up and On passive firewall tunnel info up.
is it normal behavior on

DNS queries to resolve internal hosts from PA managment IP

Hi Community,

I can see my firewall is sending DNS requests ( request for A record) to resolve some of internal hostnames.

• I dont have GP/detect internal host configured
• I dont have FQDN objects with these hostnames
• I have exported and checked entire co

Forward traffic inspection in Palo alto

Palo Alto and Fortinet are configured as internet edge firewalls.

Dual layers FA Internet ---- Palo Alto ------- Fortigate -------- Trust zone.

Outbound traffic is SSL inspected by a Fortinet firewall and the firewall acts as a forward proxy.  All use

URL Category mapping - Bluecoat to BrightCloud

Hi,

Could we have URL Category Mapping Between Bluecoat Content filter and BrightCloud. This would be required and useful for us to migrate from Bluecoat to Brightcloud filtering.

Rgds,

Tauseef Ahmed.

AWS VPN Tunnel and Path Monitoring

I have 2 AWS instances(Prod and Stage) each with redundant VPN tunnels to the same remote end Palo.  I setup path monitoring for each so that when one tunnel is down, the route is removed and the backup route is put in the FIB.  This only works with

Delete GlobalProtect Client from firewall

On a PA-500 we locally downloaded the GlobalProtect client and activated it. Now we want to remove it from the firewall, because we are deploying it via our software deployment and the users should not be able to download it directly from the Porta

Disable GlobalProtect option unavailable

No Disable option available although its set to allow with comment. GP version 5.1.4

Sectigo CA Chain Decryption Issues

Due to the recent expiration of the Sectigo RSA CA cert (https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020) and our Palo firewall SSL decryption policy configuration to block expired certificates we

Monitor Firewalls through Panorama (SNMP, API query ...)

Hello,

I am trying to monitor some firewalls via snmp but just asking to the Panmorama devices that are managing these firewalls:

If I run a snmpwalk using this OID 1.3.6.1.4.1.25461, the information about the firewalls that I get from the Panorama is