Running config not synchronized - Sync to peer

Hello ! 

We encounter a problem on a power supply on one of our Palo Alto. Since power supply replacement, we've the message "Running config not synchronized  - Sync to peer" but i've one question : Is the active firewall configuration will be pushed

Passive firewall initiating syslog connection

We've syslog configured on devices with tcp protocol on port 515. Our passive device syslog connection is breaking every 300 seconds. Can you help in understand why passive palo alto not sending keep-alive?

Sanity Check on a VPN Design

Greetings all,

I've been asked to set up a secure desktop for one of our departments.  The desktop will need access to a few on premises resources such as DHCP, DNS, and AD but, otherwise, it has to be restricted to allow connectivity only to a speci

Dual ISP ecmp, Failover, VPN and global protect

I want to configure my internal network to go dual isp with ecmp, isp Failover , VPN Failover and gp.
If anyone have any idea?

User identification error with AD

Hello everybody!

I have a problem with user identification and accordingly with security Policy.

In different computer, the same user is seen "user" or "domain\user".

The rules for work must have both type of user format. This is a big limitation.

Where

Microsoft Active Directory DCSync Attempt Detection Vulnerabilitiy

Today I got many critical alerts from Palo Alto Firewall.

Threat Type: vulnerability
Threat Name: Microsoft Active Directory DCSync Attempt Detection
ID: 54406
Category: info-leak
Content Version: AppThreat-8010-4662
Severity: critical

Does anyone has the

SAML for admins auto login or redirect to idp?

I've successfully  configure SAML with a Shibboleth IDP for administrator access, however, the login process still requires two clicks : One to select SSO, and another to continue without a username. I'd like to provide a better user experience for a

Allowing SSL and Web-browsing on dependent applications open unwanted Internet Access.

I have created a rule which requires access to Adobe-creative clolud. This application is dependent on SSL and web browsing. Setting this rule to allow aslo grants access to websites like Amazon.com or general internet access.

Is there a way to make i

Captive Portal can't redirect HSTS Session

Hi All,

i want to ask you about HSTS Session,

i just installed Captive Portal with Transparent mode because Palo Alto run in Virtual Wire mode, but Captive Portal can't intercept https session.

based on article : Captive Portal Not Working with HTTPS S

Does VM-Series support AHV (Nutanix's Hypervisor)?

AHV is the Nutanix's Hypervisor that its custom base-on KVM Hypervisor.

I've tested run vm-series on AHV and its working fine , but Paloalto official support or not?

Thank you.

PA-3020 doesn't recognize Youtube application-based policy originates from Android systems .

Hello ,

We have PA-3020 has a defined policy that deny any YouTube traffic , but unfortunately the FW doesn't recognize Youtube application-based policy which originates from Android phone and pass it as allow  . I appreciate your comments if I can fi

OS 8.0 and Global protect VPN

I thought I heard earlier this year that there could be issues with the global protect VPN that are caused by upgrading to OS 8,0