Next-Generation Firewall Discussions

HA Configuration Issue with Panorama-Managed Firewall with reason TCP channel failed ,reverting configuration.

Hi Team,

We are currently facing an issue with a customer related to the configuration of High Availability (HA) in their firewall setup. Below is a brief overview of the scenario:

1. The customer has two firewalls:
2. • One is managed by Panorama (all config

Query about Session Offloading

Hi Team,

How to check the Offloaded session in PAN-OS 10.1.11 ?

In the below image the session is offloaded ?

observing high cpu utilization on daily basis and the main CPU consumers are multiple pan_task processes, each using around 70% CPU, and running cont

below  is  the  output of  show system resources  :  kindly please let me know , is it a  normal behavior or do we need some changes to be done.

top - 06:37:58 up 153 days, 11:11, 1 user, load average: 48.31, 48.22, 40.92
Tasks: 258 total, 43 running,

Vlan extend layer 2 - Pair of firewalls HA (Active passive) in differents Sites

Is it possible to extend a VLAN across two pairs of Palo Alto Networks firewalls in an HA (active-passive) configuration located at two different sites (Site A and Site B), while allowing each HA pair to use the same virtual IP address range?

What are

Cortex XDR EDL

Hi,

We want to integrate Cortex XDR EDL with PANGFW EDL. We did everything with this guide -- https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Manage-External-Dynamic-Lists

After finishing setup we initiated tes

Ha failover for A/A firewall

Hello All,

We have a setup of Active/Active firewall running with eBGP towards  router 1 and router 2 respectively  and static route for  Lan segment (subnet 1 and 2).

eBGP with As-path prepend for subnet 2 at firewall 1 and As-path prepend for subnet

Planned Migration from PA-820 to PA-445 Firewall

Hello,

                We plan to replace the PA-820 firewall with the PA-445. A configuration snapshot will be taken from the PA-820 and imported into the PA-445. After the import, verify whether all settings have been successfully transferred and i

URL filtering or tightening up on GlobalProtect security rule?

I have a security rule for my GlobalProtect, and want to see if I can make it even tighter....

• Source
  • Zone: untrust (outside)
  • Address\User\Device: Any
• Destination
  • Zone: untrust 
  • Address: IP of my interface/GlobalProtect IP
  • Device: Any
• Application
  • Any
• Se

FIPS-CC cannot log into firewall

We have an HA pair PA-440's running 11.1.6-h3 in FIPS-CC

Recently the Active firewall stopped allowing us to log into it or connect with Global Protect using local user accounts.  Neiither the GUI or SSH works - it just times out.  Seeing how its in

Terminal Service Agent with Azure Virtual Desktop

Our organization is moving away from Citrix VDI and exploring Azure Virtual Desktop (AVD).  One of Security's requirements is that we get userID from the endpoints. We have successfully installed the TS Agent on the AVD and can get UserID; no issues

IPSec tunnel throughput drops to 0mbps after some time

While testing for maximum throughput over an IPSec tunnel, I noticed that after a while throughput drops to 0mbps. 

When the test started, both ends of the tunnel had about 4.5gbps throughput total. But at around the 18 minute mark of the test, the t

Internet issues

Expedition not supported/available anymore?

Hello, I heard Expedition would not be improved and in the future partners should rely on PANW professional services for migrations. Anyone know more than me and has an update? 
I also heard from other sources, that Expedition like app would be availa

Palo Alto PA-850 Login Issue After Power Shutdown — Request for Guidance

Hi all,
I’m currently dealing with a login issue on a Palo Alto PA-850 firewall after a scheduled power shutdown. Here's the situation:

• The firewall was shut down prior to the outage

• After powering it back on, I can ping the firewall's IP address and se

RDP Freeze

Good morning,
I have a problem with connections in RDP.

Basically, the client VLAN at the branch office behind a PA450 cluster is experiencing freezes in RDP connections to the HQ servers behind a PAVM300 cluster.

This is all handled by Panorama, and