How to Configure IPSec VPN Tunnel when a peer is behind a router without a static public IP

Environment
PaloAlto Next-Gen Firewall
IPSec VPN Tunnel
Topology
PA1 ----- Router ----- PA2

Public IP of PA1 : 10.50.50.50
Public IP of Router : Dynamic IP
Internal IP of Router : 10.20.20.1
Private IP of PA2 : 10.20.20.20

PA2 Private IP is natted by Rout

Shared policy last commit state

Hello -

How long does it take Panorama to update the "Shared policy last commit state" column?  I still see a "failed" even though it committed just fine.

Certificate-Based Administrator Authentication to the Web not work on Passive node cluster

Hello team,

I am configuring a new deployment, "

Configure Certificate-Based Administrator Authentication to the Web Interface"

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/manage-firewall-administrators/config

PA-7000 Series PANOS-10.1

Hello,

We have a PA-7050 firewall that we are looking to upgrade from 9.1.15 to 10.1.10-h2. 

We are following the upgrade path provided by Palo Alto however when we upgrade to the recommended 10.0 release or the 10.1 release the entire firewall c

Sending logs to SIEM one file per type

I am an administrator of a SIEM, for this I have usually asked the paloalto administrator to send me the logs via Syslog using port 514 to the IP of the server I administer.

After informing me that the process has been done, I check a specific rout

Error: failed to handle CUSTOM_UPDATE

HEllo,

I am using 5220 series firewall in 2 different DC. versions 9.0.9 and 9.1.6. When I commit on both firewalls, I get a custom_update error. After check now the dynamic updates, I commit again and the problem goes away.

Any suggestion,
Thank you K

User-ID with OpenLDAP

Hi,

I'm looking for a guide or guidelines on how to set-up User Identification with OpenLDAP. I've already set-up User-ID with Active Directory for an other customer but I fail to see how this is doable on a non-Windows machine (no PAN agent).

Any help

cluster PA-5020 migrating to PA-1410

Hi Experts,

We are migrating from Cluster PA-5020 to PA-1410, I have some queries below if you guys can help me out please.

1. For platform migration(PA-5020 to PA-1410), we can just upload configuration files on the new PA-1410, just recheck physica

How to Build IPsec connection without using Public IP at Branch Site

I want build IPsec connection bwtween HQ and Branch Office.

HQ using Public IP with fixed.

Branch Office using Internal IP with fixed. (have one ISP router above firewall)

May know the details setting?

and i need create port forward udp500,4500

SNMP response on two interfaces? Possible?

I'm configuring NetFlow on our PA-5200. I'm collecting the data in What's Up Gold.  WUG has a limitations (it appears) that the NetFlow IP that I use for the IP address also has to be respond via SNMP on the same address.  However, the PA-5200 cannot