Changes to GP Gateway IP Pool

Hello,
Any idea if following 2 changes to GP Gateway IP Pool will affect the current sessions?

1) Expand the current pool from /24 to /22

2) Adding new pool entry

ha_nat_policy_mismatch counter

Hi Everyone,

What exactly does the below counter indicate and what would trigger it? 

ha_nat_policy_mismatch

I have added L3 interfaces to an existing A/A HA cluster that uses vwire interfaces in an asymmetrical traffic environment. The traffic on thos

GP Gateway Adding additional IP Address range

I need to increase the GP IP range. Is this as simple as adding an additional pool?

Bulk update of objects

I have a requirement to update the 100s of /32 address objects which do not have a CIDR.  Does anyone know of a script or other means to do a bulk update of the addresses to append CIDR?

Global Protect won't connect to Iphone MAC

Hello All,

We have Global Protect License for mobile we upgraded recently to 5.0.8 and i see my iphones will not connect.

did any one face this issue ? Works fine with  windows and desktops only with iphone i face the similar issue.

Any help will be mu

Different deployment mode in different VSTS

Hi All,

I would like to know whether it is possible to use different deployment mode (L3 or L2) for 2 VSYS of a same physical paloalto firewall box. 

We have 5620 and 5680 model. 

Thanks and regards 

Chandrajit

PA220 with all security features and SSL decryption forward proxy enabled

Hi,

According to the PA220 data sheet, firewall throughput is 500/580 Mbps, With Threat prevention throughput  240/280 Mbps.  What about in additional with SSL forward proxy ?   What is the tested throughput in 9.1.x ?

Thanks,

E

Why SSL Certificate Is Required In The Gateway When Tunnel Mode Is In IPSEC

Hi Team,

Wants to understand why ssl certficate is required in the gateway when tunnel mode is in IPSEC. Can anyone please provide the in depth connectivity process and justification for the need of SSL certificate on each gateway. 

-

Regards,

Sethupat

Create Custom Report for Unused Rules

Hi

I am struggling a bit here. 

I've been tasked to set up various reports on palo firewall. 

One of them is to create a custom report displaying all unused rules. 

I've tried many things. I followed this link: https://knowledgebase.paloaltonetworks.com/

Panorama Mode - No default collector

Hey folks-

Ive got an HA pair of Pano's in AWS that I needed to do some local logging to due to some missing features in Cortex.

Added the disks....changed the mode and poof! Nothing

Im not seeing a default logging collector or collector group as the d

Configure Palo Alto GlobalProtect VPN (PA-3050) with Azure MFA Cloud

* We have Azure AD Connect sync On-Premise Active Directory with Azure AD

* We have valid Azure AD Premium license

We would like to know whether we can configure MFA for our VPN. If so which one we need to choose

Azure MFA server or Azure MFA cloud?

P