Generating SSL Decryption Forward Trust Cert for an HA Pair via Panorama?

I've successfully rolled out SSL Decryption on a bunch of non-HA firewalls via Panorama. Generating the .CSR, signing it with my CA, and then importing the .CER but I'm wondering if this is going to work with my HA Pair because I'm guessing that I'll

Router on a stick with VLANs

I have a single HPE 5400 that links to a PA-820. I have an untagged p2p VLAN on a Layer3 interface on the PA. I use this as the "MGMT/LAN" side. The HPE is doing routing for internal networks.

To add another VLAN, I tagged that same port on the switc

Export traffic logs in CSV

Hello All,

I have tried to export logs from firewall its reach limit up to 1048576 rows, this is only for 3hr logs can anyone have the option to filter logs or can we exceed this limit.?

proxy_arp_pvlan

Hi all,

I was dealing with a scenario recently which I eager to use the Palo Alto firewalls.

In my design, it is a must to use the feature which is called ARP alias in Cisco terms, and ARP publish in Juniper terms. In case of Linux as Palo Alto is usi

Azure Cloud IPs with Service Tags - REST API

I know there is a miner today for the Cloud IPs with Service Tags from a JSON file download.

There is also a REST API that could be used to pull this information, and would in a way work better than the existing JSON file, because you can split on lo

HIP Check licensing expired

I thought that HIP check licensing expiration (trial version), would cause any rules on the FW - using a HIP check profile column to not match.   Instead, it appears that it causes the firewall to simply not care about that column at all.... and allo

Need help with Minemeld converting Hex address to dot-decimal ip address

I have a specific application that provides a list of addresses via API only in hex that I want to pull via minemeld but need to convert it to dot-decimal addresses for eventual usage with Palo Alto firewall policies.  Does anyone have a tool or usef

Removing my site from Palo Alto's blacklist

Hi, please tell me how can i contact to Palo Alto for taking  my blacklisted domain to whitelist in a palo alto DB

TCP TimeOut caused by the PA?

We have a video app that is streaming through our Palo Alto firewall on port 80. Everyone once in a while the session fails and can only be revived by hitting refresh in the browser. I am dealing with a network manager that's convinced the PAs are Re