Palo Alto Active/Passive > eBGP to ISP > VLANs for ToR switches (Juniper)

Up top, have an eBGP peering with ISP.

Trusted Zone > L2 Links down to Nexus > then Juniper ToR switches aggregating servers

The firewall will perform L3 and contain the VLANs.

How would you go about the connections from Palo > Nexus > Juniper 

IPSEC IKEV2 bettwen PA and azure

I want to setup IPSEC between PA and azure using dynamic routing protocol ( bgp)

Any help with dpcumentation will behelpfull.

getting frequent wildfire updates

Every 5 mins getting alerts related to Wildfire

 Previous week, we have alert now and then but not this often (5-10 alerts per week)

what can be the cause if sudden spike in updates??

It's a medium level system alert saying "Successfully registerted

syslog reports (web usage)

Hi all,

I do daily scripted syslog reports for traffic through the firewall. PA syslog messages are pretty good actually. However, the only messages that have something that resembles URL is the messages of the "THREAT url" pattern. Now, I accasional

Question About Panorama VR || CAN ADD SINGLE ROUTE WITHIN A VIRTUAL ROUTER FROM TEMPLATE IN PANORAMA

Hi Team,

Can anyone provide your valuable suggestions, If no any other alternate way please. 

I'm facing issue with configuration of the devices using panorama. Please find the details of the issue mentioned below.

1)      Using panorama access enable

connect-server-monitor-failure

Has anyone experienced numerous of these "connect-server-monitor-failure" alerts when using agentless user ID?

I have 20+ firewalls using a few specific domain controllers to get user ID info, but these alerts are constantly, 100's an hour.

It seems

User-id doesn't work on SSID

I have PAN UID agent mapping IP-to-usernames. It works like a gem for internal users but not on the DMZ which allows company phones with their AD creds. I am not seeing any usernames for these users although they authenticate against AD server. has a

Commit error profile compiler can not find tid 40006 in threat database

Hi,

We are having issues with commit in the FWs from last Wednesday. The error that we receive is: "Error: Profile compiler : can not find tid 40006 in threat database". The commit finishes correctly, but with the warning of the error.

We have revert

NAT + DIPP question

Hi - we have experienced an issue where users in a certain zone were having intermittent problems accessing the internet. We speculated that there could be a NAT issue, and the pool might be full, or translations just werent working. The pool is larg

POC in AWS - Palo Alto Active/Active under NLB

Working on a POC. 

Have two firewalls sitting under an NLB. One of the firewalls routes traffic to database. This appears to be a limitation on the VPC route tables. 

With traffic from App server destined for the DB, it goes through AZA palo alto. 

W

PXE Boot Not Working

Hello everyone,

I have a new issue where a PA3020 has been placed between Client and Server subnets on the network. Since this install, building new PCs using PXE boot and deploying Applications using Windows SCCM no longer works.

The build starts and