NGFW 1400 Series LACP / Failover issue (11.1.5)

This is a notification for anyone running 1420 boxes in a high-availability (HA) configuration in their environments >11.1.4. We recently encountered significant issues with our NGFW operating in HA mode. Specifically, the HA setup failed on the acti

Palo Alto T-Q28-100G-S4 and PA-5450 with PAN-PA-5400-NC-A

Hey everyone,

I am working on a project to integrate Cisco Catalyst 9500/Nexus 9300 switches with Palo Alto PA-5450 with PA-5400-NC-A cards using 100G QSFP transceivers. Specifically, I was testing with below transceivers.

• Cisco QSFP-100G-SR4-S

High Data Plane Utilization During Business Hours

Hello,

We are experiencing an issue that is becoming hard to isolate, our end users noticed network slowness about a few days ago.

During Isolation and investigation it led us to our NGFW PA-3260's.

This causing extremely High latency when reac

PAN OS integrated Use ID agent Server monitoring Status Showing "Access Denied"

Hi Team

Pan OS Integrated User ID is connected with one of our DC server with out having any issues while configuring in the other DC servers we are getting the "ACCESS Denied" in the server monitoring.

While seeing in the 

>less mp-log useridd.l

Cannot Access Primary in HA Pair – Need Failover & Recovery Advice"

**Subject: Unable to Access Primary Firewall in HA Setup — Need Guidance on Failover and Recovery**

Hello Palo Alto Community,

We are currently facing an urgent issue with our Active/Passive Palo Alto firewall setup:

Palo Alto Model:PA-3220
VERSION:10.2.

Issue with allowing AnyDesk on a no-internet policy

Hey,

I have a need to block all internet traffic at a specific site.

I have created specific policies to allow needed services,

and at the bottom of the policy, I have added a drop all.

I have created a URL category for *.net.anydesk.com

and allowed

Performance impact of using higher DH group for site-to-site VPNs

“Clarification on the meaning and performance implications of ‘Integrated Crypto Assistant’ for PA-1420 IPSec VPNs”

Hi all,

I’m working with a PA-1420 appliance in a site-to-site VPN deployment and I’d like to better understand the hardware/crypto

Limit User-ID Agent queries to cerain Windows event-IDs

We have been using PA-User-ID Agent for years an it was working fine. The Agent is connecting to Domain-Controller Log and maps user-name and ip-address of successful logins for firewall-policy usage.

Yesterday we changed GPOs on the Domain Controlle

Palo Alto Firmware Downgrade

I want to downgrade the firmware of PA-410R from 11.1.4-h7 to 10.1.10-h1. I am trying to access the support portal, but it's not accessible, and I cannot even reach the help line numbers. I want to integrate the firewall with the existing Panorama wi

Request Advice – BGP Failover Route-Based IPsec VPN With WatchGuard (WG)

Hi Everyone,

I’m looking for guidance on the best-practice way to set up redundant route-based VPN tunnels using BGP between a Palo Alto firewall (PA-VM) and a WatchGuard firewall. The goal is to implement primary/secondary failover with dynamic rout

How to migrate PA 3220 config on PA 1410

We have 3220 appliance and we want to migrate configuration to new 1410 appliance. Please provide link for migration tool