Office 365 access issue

Hi Guys, we have a problem: if a pc is in the lan, behind the firewall, we are not able to log in to office365, but if we use an external connection it works.i don't see any log with application containing 'office'We have not decryption enabled, PA-3020 with 7.1.14 Do you have any hint?Regards,Daniele

Palo Alto 5250 - Configuring HA between vsys

Hi, Is it possible to configure two physical Palo Alto 5250 in Active - standby mode while distributing the load for Vsys across both the physical firewalls. For eg.I have two physical firewalls - PA1 & PA2I have 6 vsys in each firewalls - Vsys1, Vsys2, Vsys3, Vsys4, Vsys5, Vsys6 Is it possible to have the below mentioned setup? PA1Vsys1 -...

ECMP Config for 2 Internet links Site (Dual ISP)

Hello Everyone! Site with 2 X PA500 in HA2 Internet LinksPANOS 7.1.16ISP1 - 187.190.74.22 (internet dedicated)ISP2 - 192.168.0.66 (DSL link) Config doneVirtual Router 1 - RT-LANVirtual Router 2 - RT-WAN @RT-LAN0.0.0.0/0 points to next VR "RT-WAN" @RT-WAN0.0.0.0/0 points to 1/1, next hop 187.190.74.1, metric 100.0.0.0/0 points to 1/2, next hop 19...

Problems after RMA

hello After RMA the device we had prepared new device.Updated software and APPs and Threats signatures and also other signaturesThen imported the old config.But there are many problems.First time after time it is impossible to update dynamic updates (wildfire,antivirus and so on).Only after dateplane restart everything works but for awhile and t...

Connecting to Management GUI remotely on a different port.

I have a PA500 offsite that I manage remotely by connecting to the outside interface IP address, let's call it 188.1.1.1. My issue is I want to also set up a Global Protect SSL VPN gateway and the only IP choice it gives me is the outside interface 188.1.1.1/28. If I configure that then I can no longer reach the Management GUI remotely. Is there...

SNMP aged out

Dear Guys, I have a WAN router where we are trying to do a SNMP read only, but it keeps saying aged out. we have different devices as well which are working but SNMP on this router doesnt seem to be working.How can i prove that it is not the issue with Palo alto but on the remote side .The Service provider is telling us that we are sending the ...

can we send bro ids log to qradar Ibm?

hello every body , i have a project when i shall send the bro ids log to qradar Siem ,i want to know if it is possible or not

Is there a minimum upload and download speed required for Global Protect to operate?

I have a group of users that use Sprint and Verizon hot spots in order to establish a VPN connection from a remote location to our corportate network using the Global Protect Agent. Some of the hotspots are experiencing a 2-3 Mbps upload and 2-3 Mbps download speeds. The users at these locations are experiencing VPN disconnection issues such as ...

Qradar couldn't connect MM Taxii output

Hi Guys, It seems issue happend at Minemeld side. This is error from Qradar Threat Intell app "There is a problem connecting to the TAXII server. Verify that the TAXII server is available. Get list of collections failed." This is error from Minemeld (/opt/minemeld/log/minemeld-web.log)"POST /taxii-discovery-service HTTP/1.0" 200 1658 "-" "Qradar...

Slow throughput on newly installed PA-820

Hello all...I have a newly installed HA pair of PA-820. Our ISP circuit is 50Mbps/50Mbps. Testing from a LAN pc, I am only able to download a max of 14Mbps using speedtest.net or speakeasy.net. I have called Palo Alto support and they suggested setting up QOS on my WAN interface and setting the speed to 50Mbps on the interface. The slow downl...

PAN-OS 8.0 Upgrade Blocking Nexflix

I recently upgraded my home PA-200 to PAN-OS 8.0.1 from 7.1.7. All seems fine, except that from two Samsung smart TVs Netflix streaming is affected. A diagnostic test on one of the TVs shows that the app is able to connect to 1 of 4 Netflix servers only. Strangely, I can stream Netflix to a Chrome browser on a Windows 10 machine without issue...

QRadar Fails to populate CIDR value in the Referenceset while polling from minemeld

Zone available in template stack but not available in policy

Issue Description Specific zone which created in global template is available in one stack but unavailable in other, though this global template is part of their stack. Config detailsEach firewall has their own stack, template and 1 common global template zone created on global template is available on both stackspa_3050_stack(firewall1)pa_vm(...