Which is the best monitoring option for redundant IPSec Tunnel?

Hello.

I'm trying to configure dual ISP and automatic IPSec tunnel failover.

Network diagram looks like picture in here(https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFiCAK).

And IPSec peer devices are Fortigate.

Not like a

Issue with UserId agent

Hi, 

We are having an issue connecting our UserID agent (version 7.x) with a DC in W2016. We have Userid agent version 7, we know that its not compatible useridagent 7.x with Windows server 2016, but we have several DCs in useridagent 7.x and one of

Upgrading HA setup in large steps

Hi,

I'm going to upgrade a PANOS 5.0.14 to version 7.1.

As I understand, the correct sequence is:
Update PAN-OS 5.0.14 to 7.1.x:
Download 6.0.0
Download + install latest 6.0.x release (reboot)
Download 6.1.0
Download+Install latest 6.1.x release (reboot)
Dow

Unrusted Cert Warning on IE

We have created SSL cert for the PA web gui from our internal CA.

When we access PA web gui via Chrome it is good.

When I use IE it get the cert untrusted cert warning message?

How can i fix this ?

Odd duplicate ping issue. DUP

I have a strange issue.

I am setting up a new 850 HA pair A/P

To the outside world is a LACP Aggregate, connected to a HP switch. 

All was going well when testing, I can ping a dummy device (laptop) fine on the outside switch from the firewall.

But w

How to Configure Email Alerts for System Logs to monitor firewall performance

My Requirement is to configure email alerts so that I will get email notification when my firewall got shutdown automatically , rebooted due to any cause .
Previously I configured high alerts but that was also throwing unwanted alerts so please help m...

Do I need a NAT for traffic to pass??

I have an SD-WAN device at my internet edge that will be doing the NATing for the network. This is so that the device can decide which of 3 ISPs to use to forward traffic. My Palo Altos sit behind this device and will do the firewalling and URL filte

F5 failover connected behind PA

We have two F5 devices configured as active standby behind PA. The issue is on failover F5 failover ARP table on the PA is not updated quickly enough for smooth transition. Is there a way to mitigate this problem and increase ARP update time for that

Panorama VM 8.1.5

Hi all,

just got this case, where the client shutdown the Panorama 8.1.5 for maintenance. But once reboot, and login to the device he will not see the ">". if he performs any commands there are outputs. But the prompt is missing. He reloaded the devi

NTP synchronization issue

Hi Team,

The primary NTP server toward Microsoft NTP Server(172.27.35.111) and also Configured the Cisco router(172.27.9.253) as secondary NTP Server. All the Network device is synchronized with secondary NTP server (172.27.9.253 ) but paloalto firew

troubleshooting ipsec with dynamic side

Hello, everyone,

Currently I have the problem to build an IPSec tunnel between a PA200 (A) and a PA220 (B).
My one side A has a Telekom hybrid Internet connection (its a german product with LTE and cable connection) to a Speedport router. Thus only one