Resolved! VRRP on switches connected to PA in active and passive mode

below we have setup

https://snag.gy/3kRV8C.jpg

Where switches and routers are running ospf.

PA has static route to the VRRP IP of the switch.

1>>Need to know is this good design to have the VRRP backup router connected to the PA active switch?

2>>A

Resolved! "Management Interface Settings" Widget Doesn't Show Under DEVICE> Management tab

I have a  PA-VM-300 running 8.1.3. On the DEVICE> Management tab, I do not have the "Management Interface Settings" widget. The person who set this up, is no longer here.  Is this a widget that is specified somewhere, or is it perhaps missing for som

Resolved! Global Protect issue with BGP routing configuration

Hi All,

I have configured Global Protect and I can successfully connect. My Palo Altos are configured to peer and route via BGP which is working without issue.

My problem is I cannot reach anything once I am connected. I need at access two address ra

Resolved! Basic GP routing/NAT/policy

The Gateway/Portal of my setup works fine.

It's routing I think that's not working.

I just want a client over GP to hit local networks off the PANOS. 

IP Pool and access routes that been defined, work just fine .. I can see client has been bestowed the

Resolved! Split tunnel greyed out

Hello,

We are using PANOS 8.1.7 and GP 4.1.8.

We have multi Vsys and one of our VSYS administrator account cannot access GP protect agent split tunnel setup.

It is greyed out.

Is this an account limit or something wrong?

Resolved! TS Agent no port mapping when using windows net use

Hey Guys

We have noticed a weird behaviour:

When I do a telnet to IP 1.1.1.1 Port 445 on our Terminal Server with the TS Agent installed, the associated Port Range will be used as expected and the source user-id will be mapped.

But when we do a net use

Resolved! Steps required to add separate Log collection and LC communication Interfaces

Currently we have Single Management Interface on 2 M500 acting as

Management Interface

Log collection

LC  Communication.

From Panorama M100  we have single interface doing all the above functions.

Need to know what are steps in order to separte the in

Resolved! Changing name of many Security policy from Cli

Is ther any way to change the name of all existing security policies from the cli at once?

Resolved! VPN IPSec gcm or cbc cypher types

When configuring VPN to a 3rd party vendor and you are given the required settings for IPsec profile as sha1 or sha256 only, however on the Palo Alto firewall we have the option to use cbc or gcm, e.g. aes-256-cbc and aes-256-gcm.

In the past I used t