Feature Request: ECMP Path Monitoring

We are currently using ECMP to load balance to our two ISPs. Which works great. However since there is no path monitoring(Unless you set static routes). If something happens upstream and your peer doesn't go down the PANs will happily keep sending da

DHCP options and PXE boot

Hi,

we have just recently made a change in where we moved clients from one segment to a new one. We are using WDS for PXE boot and the WDS server (MDT 2013) is on a different segment than the clients. The Palo is our DHCP server for clients and we ha

Global Protect

I have defined a closed VLAN that has no internet access, and it can only communicate over the LAN. In the same LAN, there is a Global Protect portal configured. The clients can ping and access the portal's web page, but the Global Protect applicatio

static routes for 2 wan links with DHCP dynamic IPs

Hi everyone,

I would like to ask for some assistance in my configuration, the palo alto firewall has been so far a pretty frustrating experience, I guess due to my lack of knowledge of Pas

i have 2 wan dhcp dynamic ips links

I would like to imp

Site to Site VPN issue

Hi,

We have 3 sites with Palo Alto PA-415 devices.  Site A is the headquarters, and Site B and C need to connect with a site to site VPN to Site A.  We have Site A and B connected, but site A and C won't connect.  We setup the VPN connection the sa

using expect script to execute command on palo alto firewall

Hello, I'm using the code below to get ha state on my palo alto firewall but the output is not ok, there is a loop one the command and extra output caracters.
I'm using it with ansible in this scenario: ansible connect to a jumthost that execute this

GlobalProtect login window pop-up frequently

Hi All,

Globlal protect login window pop-up frequently after  entering credentials.  i am using GP version 3.0.3-7.

Is anyone have faced similar kind of issue?

PAN VM Security Policies -

I have setup my VM on a  single desktop with 4 NICS to connect to different subnets and security zones and to have different interface setups for the VM. Two other desktops have NICS with different subnet scopes. I have created a rule to test ping tr

Source user information is intermittently not visible in the traffic log.

he agent is installed on the ad server and user information is mapped and confirmed. However, source user information is not visible intermittently in the traffic log. This occurs even when it is the same application and the same external address. I ...

How API to work with PA

Hi We like to set up API for palo alto and review related documents. I found there are a lot documents on API. but I am not familar with API in PA and do not know which documents is good for beginner to kick off. Anyone can share some documents link

Checking NAT Pool Usage from the GUI

Hello community,

I'm wondering if there is a way to check the usage of IP addresses in a NAT pool from the GUI and/or from Panorama. I'm interested in seeing which original IP addresses have been translated and what is the translated address.


The CLI

FQDN Object in Policy - not working but FQDN seems to resolve properly

I've never had the opportunity to use or need to use an FQDN in a security policy before but my first attempt to do so does not seem to be working. I'm trying to use an FQDN to restrict IPSEC/IKE traffic from a Virtual Network Gateway (VNG) in Azure.