HOW TO CONFIGURE NAT FOR SAME IP IN IPSEC TUNNEL

I HAVE IPSEC TUNNEL BETWEEN MY PA AND another SIDE IS CISCO ASA, NOW ON BOTH SIDE THE IP IS SAME. SO HOW I WILL CONFIGURE NAT FOR THE SAME IP? 

Trunking a new switch existing PA (Active/passive)pair

Hello Everyone,

I am having some trouble with trunking. Below is our current setup:

PA pair(vlan 48---x.x.48.254) ------core switch (vlan 48....x.x.48.1) for internal access (trust zone). we have a static route on PA---any traffic to internal network

[PANORAMA][ERROR] Can't use export or push device config bundle feature

Hello,

I got issues using the feature : Panorama > Setup > Operations > Export or push device config bundle.

I try to erase the local configuration of a PA-850 and push the Panorama configuration on it.

I got this error message when I click on push &

Need help on VPN PA firewall to IBM cloud VPN

All,

I am new to Palo Alto World

Really need your Help in understanding how can i create the VPN for the below

1. IBM cloud subnet only 1 subnet so thats okay. 

2. Multiple subnets behind my PA firewall, my question is how to NAT them all to go out?

I

SNMP on Active-Passive HA Cluster

Hello,

I have SNMP configured and working on the Active member of my HA cluster.  i need to set SNMP up on the Passive member, i have made the changes and saved config but it is not working, do i need to commit the config?  if so, would this cause an

GlobalProtect Connection Problems

Hi All

I have had to re-install a user client Global Protect Agent 2.3.3-5 as he couldn't  connect, after re-installing he still cant connect and getting a error message off:

#“(T10576) 02/01/18 13:55:00:745 Debug( 226): CPanSocket::onConnect - retur

How can we manage the Firewalls while Panorama is out of service?

In a scenario with many groups of firewall's centrally managed by Panorama.
The Panorama is running in a appliance without HA.

What we should do when Panorama is outage by a problem and we have to do any change in the Firewall Policies?

Best Regards,

Mar

Decryption policy options explanation required.

Hello Everyone,

I am reading about decryption policy and have some questions in my mind, so looking for some answers.

1- In order to apply the decryption profile, do I need to have action set to decrypt ?

2- what is the advantage if I have a decrypt

Determining failed administrator interface logons from syslog

Hello!

I'm running into an issue. I would like to record failed logons to the administrator interface via syslog but the log format and contents of the logs appear to be exactly the same as those when a user performs a failed login to GlobalProtect Cl...

Traffic in interface tunnel

Hi,

I have enabled QoS in order to limit a tunnel interface to maximum badwith to 50Mbps. QoS is well-applied but the current BW value is not being showed in QoS statistics. What ways are there to know the amount of traffic that goes in a moment thro

How to get the SSL cert (pem format) from Minemeld (On Unbuntu)

Hi Guys,

I would like to import MM cert into Qradar in order to consume feed from MM. where i can get the SSL cert?

Power failure on PA-7000

The PA-7000 Hardware Guide specifies they minimum number of active PS to provide enough power for a chassis depending on the type of power and number of NPCs installed.

For example, if the PA-7050 chassis is powered via 120V AC and has 6 NPCs installe

MS-ISAC Soltra Feed?

Through MS-ISAC we are able to consume a Taxii feed (I believe it originates as a Soltra Edge feed).  Currently this is going straight into my palo as an EDL.

I would like to bring it in through minemeld so I can add other feeds and take advantage