HA peer URL Database set to Mismatch

on logs i see 

Running config not syn with passive device

log shows 

2018-11-15 10:51:48.693 -0700 HA peer URL Database set to Mismatch

syn without window-scale option

Hi community, 

i am trying to access a website from LAN side of palo alto, even though correct policy is configured, tcp handshake was not complete. after packet capture i am able to find below points

•  client sending syn packet
• but i am not able to get

Passive node strange behaviour matching rules

Hi,

We have a cluster in PanOS 8.1.2. Suddenly we were reported that several users didnt work properly. We went to the active node and saw this:

In order to solve quickly we decide to do a failover. After that i worked properly.

So we would like to k

Global Protect not working after upgrade

Hi

I have upgraded my passive palo alto firewall to 7.1.20 post which global protect portal is not working.

I'm seeing SSL session cache request comming in from external source. But the webpage page cannot load after adding the exception.

Same works

Management access for permitted IPs

hi

i am trying to add 10/8 as premitted IP subnet in mgmt interface but it seems to not work? anyone else has experienced this?

Home internet acccess with 1gb but...

Hello,

Looking for suggestions and recommendation,  just got an offer from the ISP to upgrade the Internet speed to 1Gig down and 10Mbps up for a very good price.  Except I have a PA220, the spec is good for 500Mbps with AppID and 150Mbps with threat

Destination mac

I was having issues with DHCP being blocked, so I can a packet capture from the PA to see if I could tell was was blocking the DHCP traffic and if it could possbile be the PA. It shows the mac address of the interface on the PA as the source and then

Global protect with loopback ip address and port number

Hello all

We have one public IP address and two groups of users who must connect to Head Office but get different policies

We decide to use loopback ip address and NAT it to the public one but with different port (for example loopback ip 1.1.1.1 and pu

How does an end-user collect logs from GlobalProtect agent when the advanced view is disabled

I want to collect log files from a GlobalProtect agent 4.1.2 but our gateway policy is set to disable the admin view.

By doing this, the user can't colelct any log files anymore.

Is there another way to collect logs ?

Is it secure ?

Hello all

We have configured GP REMOTE ACCESS VPN with OTP  authentication.

Ones we try to connect to Portal it failed to pass at the first time only second time.In Radius server we see that it tries to authenticate first the Ldap account then VPN acco

Cannot Sync Running Config in HA active/passive

Hi All,

I have a PA3020 with 7.0.5-h2 PAN-os version.

I have tried different times to sync manually the running config on passive member without success.

I can clearly see from the Active Member's "ha_agent.log" these errors:

=========================

(