Resolved! Perimeter FW in A/P HA directly connected to Palo Alto vwire in A/A HA

the basic topology is:

Internet FW are non-palo alto in HA A/P directly connected (no switch in between) to a pair of Palo Alto in A/A HA -in Vwire mode (no Layer 3 on the Palo Alto but in transparent-zone)

then Palo Altos in A/A HA are connected to

Resolved! Telemetry error - CDL Receiver Key Empty

Hi All,

We have a client who all of a sudden started to receive the following telemetry error -  'CDL Receiver Key Empty' on PA-440. No changes have been made. Currently running PAN OS 10.1.2. They are not using CDL and are just sending Telemetry dat

Resolved! UNABLE TO PING MANAGEMENT INTERFACE FROM LAN

I have a fairly simple network setup in my LAB

Management Interface 192.168.1.1 /24

LAN Interface 192.168.100.1/24

DESKTOP IP 192.168.100.100

I have allowed all the Internal Subnet on the Management interface which is 192.168.100.0 /24 in permitted l

Resolved! Failover IPSEC tunnels with tunnel monitor keeps both tunnels active

We have just configured 2 IPSEC tunnels with a remote palo.  Both sides have 2 IPSEC tunnels with tunnel monitor and DPD configured.  For some odd reason, the when the primary tunnel is active and has active routes going to it, the secondary tunnel s

Resolved! NTP not working once authentication is enabled

Hi Guys,

NTP was working well. But when authentication was enabled below msg  is seen on the Firewall (NTP Stopped working)

NTP server is a local one using IP address (not FQDN)

PAN-OS Version 10.1.5-h1

All the other devices are syncing except for th

Resolved! TYPICAL NAT QUESTIONS

Hello,

I have a web server in DMZ with private ip address 192.168.10.100/24 and I would like all the traffic from outside should come to this server. My public ip is 1.1.1.2/255.255.255.248 which will bind to 192.168.10.100

To perfom this I can creat

Resolved! GlobalProtect expand IP Pool

We have an existing GP setup and it's working, but the IP Pool is set to a range of IPs 192.168.10.10-192.168.10.100 instead of a subnet 192.168.10.0/24.

I want to either expand the range or change it to a subnet.

I tested this by expanding the r

Resolved! Maximum Pan-os version recommended for PA-820

Please advise the maximum PAN-OS version for a PA-820.

We would like to ensure optimal security without sacrificing performance.

Recommended PAN-OS version to run is 11.1.4-h1

Resolved! User-ID agent upgrade path

Greetings,

I am running NGFW x 35 (10.2.10-h3) and User-ID Agent 10.2.2-111, which I believe needs to be upgraded to avoid the Nov-18 issue.

My question is, does the User-ID Agent need to remain in the same stream as NGFW (ie. 10.2.x) or can it g