Panorama/Palo Alto Design Query

Greetings Folks, I have a Design and deployment Question. Our company have 3 Data centers located at three different Geographical Locations. We have a project to deploy Palo Alto 5200 Series Appliance in the environment as IPS appliance, Now we Have the count of 8 appliance in the Environment, So if i am to use the pa...

List of application where PA skips credential detection

Hello. PA supposedly doesn't check credential submission on some apps. »The firewall automatically skips checking credential submissions for App-IDs associated with sites that have never been observed hosting malware or phishing content to ensure the best performance even if you enable checks in the corresponding category. The list of sites on w...

Can someone provide a detail difference between the terms custom application and custom app-id?

Native VPN client

The native client on my windows machine does not seem to be authenticating against my radius/otp/ldap server and my globalprotect client is getting through the portal but failing on the gateway. Any ideas why or how to track it down?

heartbeat connection

What is the best way to set up a heartbeat connection between and active and passive pair of firewall. We currently have a PA 5050 pair, in different buidling quite a distance away from one another and the heartbeat connection is through the network via ethernet and a switch. We have had it go into a split brain situation when power is lost on o...

GlobalProtect for User-Id Without Auth?

Hi All! We're an all-Mac shop, but we use AD for authentication (for now). GlobalProtect "External" is working great for external access, with authentication to AD. Now we'd like to map IP to Users INSIDE our LAN. My primary goal is to link URL Filtering alerts and other threat analysis to a specific user.Perhaps a naive question - When talk...

Palo Alto Layer2 mode and brdige vlan in different subnets

Hi All Can Palo Alto bridge two VLAN like VLAN 10 and VLAN 30 that have different subnets? or both VLAN should have same subnet? Basically what I want, I have VLAN 10 having subnet 10.10.10.0/24 and VLAN 30 having subnet 192.168.1.0/24. Both VLAN have gateway on core switch. How can I use Palo Alto firewall in layer 2 mode to do the firewalling ...

Is it possible by PA

We have a task where users should access to Internet by username and Password.I guess it is PROXY concept but is there any alternative in PA?

Generating custom reports from system logs

Hi! I need to generate weekly reports from the system logs. We need this for compliance reasons, and we have to filter out events that are logged to the Panorama system log from several firewalls. The custom reports only allow me to choose from specific databases, but not from any of the log sources, is there any way to get this done? Thanks in ...

critical general general 0 "mgmtsrvr - virtual memory limit exceeded, restarting"

Is it possible to see this critical error in an mp-log file or is it only viewable in the System Log or a syslog output?

Prevent admin from acquiring commit lock when another admin has lock

When Automatically Acquire Commit Lock is enabled on Panorama 8.0.10, is there a way to prevent an admin from creating another lock while a different admin already has one? We use shared objects almost exclusively and with four administrators are often in situations where multiple locks are getting created. This leads to reaching out to the othe...

Case severity

I put a case in to tac rated high and they put it on hold for 2 days so they could attend training 😮