Migrate from Check Point to PaloAlto step by step

Hi guys

I have some document that I made about migration from CP to PA,

Please feel free to contact me if you had some issue with that migration.

If you want the PDF file, please check the following link:

http://zwerd.com/2017/09/05/paloalto-migration.ht

7.1 default behavior changes

So I was reading about OS 7.1 because I am planning on upgrading from 7.0.12 to 7.1 and found some information of the default behavior of app-id

Panos 8 - MAC OS user mapping issues

Hi all, we are using 802.x1 authentication on wired network (MS NPS radius). Windows users authenticated fine, however with MAC user i have big problems, some of them mapped correctly and some not, sometimes half of the traffic mapped and half not m

Domain Prefix Inconsistent in IP User Mapping

I have a problem with IP User Mapping. I has configured IP User Mapping using this article:

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-Agentless-User-ID/ta-p/62122

But when I list users, I get inconsistent user domai

Finally IPv6 over GlobalProtect, or should i say v6IP?

About 2 months ago I was thrilled to hear that PANOS 8 was coming out and that it would bring us IPv6 inside a Globalprotect VPN. After fixing the "licence issue", i finally came arround to doing the upgrade and eagerly started to configure a tunnel

Headsup: AZURE VPN not comming up again, session discarding

Hi,

I just want to share a problem i have been troubleshooting. I have lots of vpn's terminating on our FW, haven't had real problems until i started to connect Azure VPN's. After a network hickup they usually did not come up again. I had the hardest

Log Card Interface Issues

We have configured a log card interface on one of our 7050 devices for submission to wildfire. This is not working. 

Our testing shows we cannot ping the default gateway conifgured on the interface. If we ping from the router, then no response is reci

HTTP OPTIONS Method

Hi,

I am getting contionous 'HTTP OPTIONS Method' - alert
What is the reason for this

If I have multiple vulnerabilty profile ,I want to exclude this from one of the profile or one of the ip
(I want to ignore this vulnerabilty checking in a profile or ag

Importing firewall configuration from Panorama

Hi Folks,

I've just exported configuration from Panorama. This includes the Panorama config and the XML files for the individual firewalls.

I am trying to pre-stage another firewall that is not managed by Panorama using the config file from one of the

cookie size

Hi,

Is there something  settings related to 'cookie size' in pa

Thanks

IPSec Tunnel PAN to Cisco ASA - matching for phase 2

Do the proxy ID's on the pan side have to match the ACL defined crypto domain on the ASA? That is - suppose on the PAN side you had for phase II of the tunnel 192.168.1.0, 192.168.2.0 and 192.168.3.0 while the ASA side had only 192.168.1.0 and 192.16