Packet buffer protection - PA5220 vs PA5410

I've recently upgraded my firewall from a PA-5220 pair to a PA-5410 pair. The firewalls were on the same PanOS version (10.2.4-h2) and with the same configuration. This was the original configuration for PBP at the upgrade time:
The 5220 wasn't loggin

Dual ISP failover - stuck UDP sessions

Hi, I've configured Dual ISP failover using a PBF and everything seems to failover from ISP1 to ISP2  just fine. My issue is after we have failed over to ISP2 and ISP1 comes back online, not all traffic flips back to ISP1. 

UDP sessions for devices t

GobalProtect setup accross multiple standalone FWs in Azure

Hi All,

current setup more or less..

                                      |---PAN FW1---|

internet -->--- Ext LB----                         ---Int LB--------Azure Env

                                      |---PAN FW2---|

PAN FW1 and PAN FW2 a

Export/import tool using set commands

"Hello to the Palo Alto Networks community,

After conducting research on the tasks of exporting and importing configuration file in PA-VM version 10, I've learned that using file transfer protocols like TFTP and SCP allows for the export and import o

PA-3220 after upgrade into 10.2.6

Experience applications flow issue, most of the sessions incomplete (i deleted all active sessions with no resolution), reboot, fail-over several times, no luck. I opened a ticket with Tech support for advance packet flow process analysis no resoluti

discrepancy regarding web-browsing ports between applipedia and Pan-OS application

Dear community!

Did you notice that there´s an discrepancy regarding web-browsing ports between applipedia and Pan-OS application?

If you check for web-browsing details in the firewall you see standard port 80 and secure port 443. 

In the appl

DH group 15 not supported in phase 1 with IKE v1?

I need to migrate an old firewall to a PA-440 and came across an ancient IPsec where they have used DH group 15 for both phase 1 and 2. According to the docs for PanOS 10.2 DH 15 is now supported but the 440 whines about DH15 in phase 1 as I use IKE

PanOS 11.1.0 Upgrade - Panorama Refuses to Commit or Push on a Multi-VSYS System

Hey Team,

Has anyone encountered any problems performing the PanOS 11.1.0 Upgrade? I've encountered the following issue after an upgrade, where PanOS (Panorama) would not commit changes, much less push them to our devices. The configd.log file shows t

Palo Alto Authentication Failed Error Code : -1 after successful MFA SSO

Hi Team,

Getting Authentication Failed Error Code : -1 after successful MFA SSO. 

It actually takes the UN and PW, also was able to authenticate with my yubikey, but then it gives this error message.

Any fix to this please?

not able to open support case

Hi,

When I try to open support case error message coming up saying "Problem Category is missing".

Although I select the product as PAN-OS while creating the case.

BR,

Alaa

Best upgrade practice with HA Pair ?

We are preparing to update this weekend to 10.2.7 to resolve the expiring root certificate issue. We have an HA pair that we want to failover while upgrading as to not disrupt service. While I have the upgrade path from the Palo documentation what I

Setting Up Double NAT over a site-to-site VPN

Hi,

I've been trying to read up on if it is possible to set up what Cisco would call "Twice NAT" on Palo Alto, and while there seems to be a lot out there for really odd fringe cases, I'm struggling to find anything on what I think would be a reall

BGP failover not working as expected

Hi

Our PA 220 is running 2 eBGP's  with 2 CE (WAN) routers.

Those 2 CE routers will run eBGP with respective ISP's. 

We control the routing through Local preference. 

Routes learned via primary CE 1 has LP of 500

Routes learned via secondary CE

Paloalto can't block hotspot shield.

Dear all,

I am currently facing paloalto can't block and see hotspot shield app.

Our organization do not want to use ssl decryption to block hotspot shield.

Any other solutions to block hotsport shield without decryption ???

Thanks.