Should I use BFD when in active/passive HA with OSPF?

I am setting up some new OSPF adjacencies between my PA and a pair of Dell switches. Should I be using BFD? Will BFD make things better or worse?

What I currently do is set LACP in HA passive state. OSPF graceful failover is configured on my switches

Client IP Connectivity Issues

Hi All,

I have a PA-200 running Version 8.1.0 and providing DHCP addresses to about 175 clients.  The pool is a /24 and recently, the clients have been getting messages stating another device is using your computers IP address.  I've been tweaking th

User-ID Source

Hello,

I have some concerns regarding User-ID information. We currently have internal and external gateways which should be grabbing User-ID/IP mappings. These are critical for RBAC-style rules based on AD groups.

I notice sometimes that my logs have

GlobalProtect - Authentication Issues

Hi all,

Fairly new to PAN and in the process of an ASA migration. Despite TAC/VAR assistance, I'm still having some issues with my GlobalProtect user experience. Fortunately it's not in production yet but the feedback has been inconsistent.

Business

IPSec S2S VPN Tunnel (PAN OS 8.1) using 2 virtual routers - setup working - but how possible ?

Hi,

I've been trying to get an explanation to the following (working) scenario:

I have a PA 220 with 2 virtual routers:

an "inside-VR" virtual router with a L3 interface (i.e. e1/1 - 192.168.1.0/24 - security zone "INSIDE") + a tunnel interface (also

Issue FQDN address with dns records with short TTL

I have configured a firewall rule to allow some servers  to ssh to vs-ssh.visualstudio.com to allow the servers to use ssh to connect to the git repo of Azure devops.

This rule uses fqdn address object to allow the servers to only connect on ssh to t

ECMP + 3 Internet links + Outgoing traffic

Hello friends!

We have now 3 ISPs, we started to use load balancing (all methoeds tested);

Problem: Sometimes, packets from PA220, interface 1/4 (ISP 1),  goes out to internet thru interface 1/5 (ISP 2).

User's traffic with no problem.. But PA220 inte

Local Support for Pan-DB

Hi All,  a client of ours lives in SouthEast Asia and is looking to purchase Pan-DB and wonders if they will need to rely on local support there, which is very spotty.  It looks like this community and the support side of things is very strong.  How

MS Update ActiveX Cab file Denied?

Hello.

I just reloaded a Windows 7 x64 computer.  The first check wants to update the Windows update agent.

For some reason PA blocks it as a ActiveX Cab file.

The first check allows, but the it's denied. (picture attached).

I added a Virus exception fo