HA clarification with a single ISP

Hi Gang,

Excuse me for my ignorance. We had firewalls Palo literally thrown at us, and instantaneously put into production (not great!). 

I have a pair of Palo's in HA Active/Passive with preemptive enabled on active/primary. These are in turn, patch

Bootstrap debugs / logs

Hi,

I was wondering when I went through the bootstrap documentation, it mentions that it should display logs of the bootstrap even if successful but in either case, nothing appears on the console, not even a single word about bootstrap... where shoul

unable to retrive users on the panorama access list

Hello, 

I am trying to create rule that allowed specific users from the active directory. Strange enough on the rule, i am unable to get active directory users. Please advise 

*Urgent* Global Protect Crypto

I have one more query, If I change week encryption to strong encryption in tunnel traffics like Global Protect, IP sec tunnels, will it get affect the clients ??

Of course We have to check the peer side before we change the encryption methods & algori

IPSec tunnels - Active/Passive OR Active/Active

Hello Folks,

I'm planning on getting two new Palo Alto firewalls for setting up IPSec tunnels. I think the first tunnel will be a primary tunnel and the second tunnel will be back up. I'm tempted to set up my new firewalls as active/passive HA, to mak

Blacklisting Workstations?

Sorry if this is a dumb question, I'm still a bit new to PA.

I've recently had a case where a few workstations cannot access anything beyond the local network. A trace shows that they can reach their default GW, but not the next hop, which is the PA.

ntlm exited 4 times must be manually recovered

In our system log of the PAN5250 with PAN OS 8.0.15 i see the following critical message : ntlm exited 4 times must be manually recovered. Does anyone has the same issue or knows how to handle this. I can't find how to manually recover this and where

TLS syslog to a cloud based SIEM

Running software version  8.1.10 on this PA firewall.

I have the TLS syslog server profile setup in Configuration type logs and that works (getting config logs).
Then I setup this log forwarder profile that has both TLS syslog and UDP syslog server pro

Question regarding Customer Advisory "Content Delivery Network Infrastructure Update"

There is a new Customer Advisory "Content Delivery Network Infrastructure Update".

https://live.paloaltonetworks.com/t5/Customer-Advisories/Content-Delivery-Network-Infrastructure-update/ta-p/307121

We use AppID "paloalto-updates" to allow download of

GP: "Matching Client Config Not Found" when trying to connect

Heya Gurus!

I'm running into an issue that I can't seem to figure out.  I helped a client migrate a firewall over from Checkpoint to PAN.  A few false starts and we got it going.  Now we are working through the 'b' list of items that needed to be figu

Panorama HA Config question

Hi All,

Quick question on my new deployment for Panorama. I have a HA pair with unique hostnames and IP addresses with firewall as an active passive pair. The migration steps state the following:

Do not combine the HA firewall pair in to a single temp

Google Play Store Broken When SSL Decrypted

As part of our setup, at an independent school, we decrypt the majority of traffic and set rules to bypass where needed. As part of this, we've struggled to get the Google Play Store to work with decryption turned on. I've used a test phone without d