To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...
i am able to establish tunnel with vendorcan ping the vendor lan ip but ikemgr shows2019-05-02 13:01:54.000 -0600 [PWRN]: { : 94}: phase-2 sa purge mismatch SPI:0x00000000/0x07A04C1A.
I have to create a VPN tunnel between two businesses. The main objective is that company A needs to provide access to the following subnets to company B: 10.10.1.144/2810.1.2.144/28 I've got all the tunnel info set up, and there is just a public IP a...
Hi , can anyone help me to confirm whether we can create shared custom policy for dedicated device group context
Hi all - I'm querying for objects (address objects, say) and my response looks like this: {"addresses":{"@status":"success","@code":"19","result":{"@total-count":"7","@count":"7","entry":[...snip...]}} When do total-count and count differ? Is this so...
I am testing DoS policies and have alarm rate set as 1. I did not intend to be that low but I was not seeing logs under monitor for a server that is continuously used. There are flood logs from Zone Protection and they use a different log forwarding ...
Afternoon all! I'm sure this is easy on our PA850 firewall but I can't figure it out. Interface setupethernet1/1 - Internal networks - Zone LANethernet1/5 - Primary internet line with /27 IP range - Zone WANethernet1/6 - Secondary internet line with ...
All,Is there a tool to migrate the configuration of a 5050 running 8.1.11 to a 5220 running 9.0.x? Regards, John
From the tcp dump at the server end, I am seeing a lot of traces on TCP Dup ACK, retransmission and out of order being flag out at the pcap file The connection made is via VPN client to the Web Application server. Tried few scenario where we access d...
Hello, I'm looking for information on how to migrate from a PA-7050 to a PA-5250. Is there any best practice documentation on how to make this transition? I am looking for the steps to migrate. I have migrated PA-500's to PA-820's, but haven't done t...
I monitor the following parameters with SNMP V3 using PRTG:pan zone active other ip cpspan zone active tcp cpspan zone active udp cpsSince the upgrade from 9.1.7 to 9.1.8 these parameters can no longer be read. After downgrading to 9.1.7 it works aga...
We are setting up a single pane of glass to monitor multiple systems. The software uses a web browser and iframes to connect to the other systems. Some sites work and some don't. The PA 7050 firewall console in particular returns a "refused to connec...
I appreciate you being able to advise me on updating the software version to which i can safely upload and according to our PA-3020 HA equipment model, we are currently in version 8.1.15-H3. Regards,Steven Herrera
Hello to All, Is it possible to set the Globalprotect Always-ON mode enable Single Sign On, so that the user automatically logs into the portal but after that the user to need to authenticate to the gateway? The idea is that for the portal and gatewa...
Hi, I'm brand new to PA firewalls. Have a new pair of 3220's in active-passive HA. This is not in production. We are using them to learn on and eventually, hopefully later in the year move to production, replacing an active-passive Cisco ASA. I have ...
I want all devices on one of my interfaces to use my DNS servers, regardless of their configuration. Seems pretty simple, but I'm stuck.I can edit and OK/OK out of the DNS proxy dialogs (PANOS 4.1.2), but commit fails with "Inheritance source needs t...
on:
General question about firewalls
on:
How to identify high dataplane CPU
on:
Limiting users access in palo alto firewall
