Dual WAN (ONE ISP and MPLS link)

 Hello All,

Need your help/guidance on the following requirement

We have 2 WAN links, One ISP with Static public IP and  MPLS connection for Internal server access.

Requirement: 1) All the Internal users (Trust Zone) has to go through ISP Wan for Int

GlobalProtect Client is not Connecting

 Hi there , 

i'm new here , hope i get a reply  

i'm using an ipsec tunnel between two site .

in the second site i'm not able to use the globalprotect , he cannot connected .

but , when i change the desktop dns to 8.8.8.8 it worked . 

any solution !

Best practice for applying list of IP's to a security policy.

Hello,

I'm trying to identify what the best way of applying a list of datacenter IPs to one of our security policies.  The list has about 150 IP's and I'm apparently unable to paste the list of IP's into an address group as it gives me an error notic

Non-reordered IoC feed

I have an IP IoC feed that I would like to ingest and re-publish via MM.

The feed is ordered by priority i.e. earlier addresses are newer\more active\higher risk, but if I ingest and publish (miner -> output) it is re-ordered by numeric order.  Is

Using Minemeld to mine Adobe Creative Cloud addresses?

I saw this link where someone was looking at this same type of thing I am trying to do but I have not seen someone actually create the miners for Minemeld w/ Adobe. I am looking at their GitHub on how to create a miner for them myself, but I figured

Decrypt Port Mirror problem

We have decrypt port mirrior license on our PA-850

But under interface types we can not see the Decrypt mirror type interface

The Pan-os version is 8.0.8

VPN tunnel to a firewall NOT internet facing

Hi,

I have a scenario with two sites which has two sets (HA) of firewalls, external and internal. So external handles everything internet and behind the internal the datacenter resides. Clients are in between.

We have MPLS between the sites which ter

Filtering the monitoring log fails endlessly

Pretty often seemingly simple monitor filters seem to get our PA devices in an endless loop.

For example:

( rule eq management_services ) and !( addr.dst in a.b.c.d ) and ( app eq ms-sms )

will never succeed. The fitering start running, shows a couple

Importing PA200 configuration to PA220.

We are planning to phase out PA200 firewall with PA220 .

PA200 firewall is running PAN OS 7.1.14.

PA 220 firewall comes preloaded with PAN OS version 8.0.X.

My concerns is, Can we directly import the firewall configuration  (device state) from PA200 to