General Topics

tips for adding devices to the Panorama.

Folks,

We configured a devices some fays back and it is now up and running. Our plan is to add this to the Panorama and replicate the same policies which will act as a template for other devices.

What care needs to be taken so that the Panorama would

...

Resolved! Tunnels status VPN between Palo Alto-3260 and AWS VPC.

Folks,

Typically when we build a IPSec tunnel from the AWS VPC to the on-prem Palo Alto box we get an option of 2 tunnel's from the AWS. I have options of configuring both the tunnels as UP/UP when the end point is something like a Juniper ISG-1000/IS

...

Traffic Logs - Resolve Hostname - Micrsoft Public IPs

Dear Commuity,

I am very new to Palo Alto Firewalls. I saw, that you can check the "Resolve hostname" checkbox when viewing Traffic Logs. Sadly a lot of IPs are not being resolved. I examed a few random samples and notices, the IPs mostly belong to Mi

...

Resolved! Interface Monitoring / See if traffic gets send to interface

I am having a weired issue with a PaloAlto and a Telekom Router.

I configured a specific client address to always use a second Router (with internet connection) to communicate to the WAN.

Everything on the PaloAlto looks good to me but when I plug-in

...

Resolved! Firewall - Interface High availablity

Hi All,

In my scenario, i have single PA-220 for guest access. In trusted zone i would like to keep the interface lelvel (active/standby) high availablity.Interface type as L2. I couldn't do aggregate interface since it's connected to two seperate s

...

FQDN TTL shorter than refresh time

I have a problem with some sites that uses DNS round robin as loadballancer.

As an examble:

vs-ssh.visualstudio.com

This has the TTL set to 300 sec, the PA's FQDN refresh is default 30 min.

So the firewall won't cache all IP's used in the round robin, b

...

Dynamic NAT IP & PORT with STUN

Hello,

Is anyone already configured it ?

We want to use STUN but the NAT seems to be a problem.

David,

Resolved! SAML and GP minimum requirements

Hello

are there any minimum requirements for PAN OS version, GP client version to successfully use SAML for GP client authentication?

BGP flapping every 15seconds.

Upgraded VM-ESX firewall from 8.0.12 to 8.1.4 and seeing bgp flapping to all the 3 peers.

Its happening every 15sec. Checked timer match.

Active/Standby network design and usage as network gateway?

I have some questions on the Active/Standby deployment model. Right now I'm on A/A which requires all network config between the two units to be different since they're both active at the same time. From looking at the documentation, it looks like

...

Resolved! Azure DC : Creating a MineMeld feed from an XML file

Hello

I'm trying to create a mine meld feed that will somehow download and read an XML file (or just read and xml) which contains a list of Azure datacenter IP addresses , which I can use to apply to my PAN firewall.

Any help/direction is apprecia

...

Minemeld Miner Integration with 3rd Party Threat Intelligence using API

Hi Minemeld Community,

I am working on creating a custom Prototype to integrate with 3rd threat intelligence Cloud solution using API integration.

Do we have a generic API custom prototype to use it? and how can i do about it?

Thanks

Darren Ko

...

Resolved! Is it possible to skip 8.0 and go straight to 8.1

Good morning everyone we are running 7.1.x right now and are wanting to move to 8.1.x. Does anyone know if it is possible to install 8.0 dont reboot then install 8.1.x then reboot or do you have to reboot after 8.0 and then reboot after 8.1.x insta

...

Understanding Panorama & Firewall Configurations

Our Panorama server has 3 firewalls connected to it, all 3 are the same model. All 3 firewalls are linked to there own seperate template, template stack & device group. Each template, template stack & device group is linked to only one firewall. N

...

Resolved! RSA, DH,ECDHE - is encryption done in hardware or software

need to know if Key Exchange Algorithms

RSA

DH

ECDHE

of them which take more cpu cycles ?

are they platform specific?

is all of them done in hardware?

Discussions

tips for adding devices to the Panorama.

Resolved! Tunnels status VPN between Palo Alto-3260 and AWS VPC.

Traffic Logs - Resolve Hostname - Micrsoft Public IPs

Resolved! Interface Monitoring / See if traffic gets send to interface

Resolved! Firewall - Interface High availablity

FQDN TTL shorter than refresh time

Dynamic NAT IP & PORT with STUN

Resolved! SAML and GP minimum requirements

BGP flapping every 15seconds.

Active/Standby network design and usage as network gateway?

Resolved! Azure DC : Creating a MineMeld feed from an XML file

Minemeld Miner Integration with 3rd Party Threat Intelligence using API

Resolved! Is it possible to skip 8.0 and go straight to 8.1

Understanding Panorama & Firewall Configurations

Resolved! RSA, DH,ECDHE - is encryption done in hardware or software

B2B VPN IKEv2 Fail with Amazon Private Cloud Peer

Help understanding Asymmetric Path issue

Can't import a certificate via XML API using C#

Unable to download new version

Edit personal information

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

CVE-2024-3400 IOC's

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Failed to update content package

Re: Solution for "SSL decryption bypass for Anydesk"

Unlock your full community experience!

Resolved! Tunnels status VPN between Palo Alto-3260 and AWS VPC.

Resolved! Interface Monitoring / See if traffic gets send to interface

Resolved! Firewall - Interface High availablity

Resolved! SAML and GP minimum requirements

Resolved! Azure DC : Creating a MineMeld feed from an XML file

Resolved! Is it possible to skip 8.0 and go straight to 8.1

Resolved! RSA, DH,ECDHE - is encryption done in hardware or software