Next-Generation Firewall Discussions

"Use Default Browser" option not showing in Strata cloud manager

Hello Team,

We have client firewall managed with strata cloud manager. We were trying to use the default browser for SAML authentication. When we checked that option on firewall under GlobalProtect Portal > Authentication >"Use Default Browser" it wo

Frequent flaps with DPD timeout between a Palo Alto device and AWS VPN.

I have been experiencing frequent flaps with DPD timeout between a Palo Alto device and AWS VPN.

Do not Palo Alto devices go well with AWS VPN ?

Are any specific settings needed to be taken care of for stable connection to AWS VPN ?

Palo Alto Explicit Proxy Traffic Issue

Hello Team,

We have configured the Palo Alto firewall as an Explicit Proxy using Kerberos authentication in alignment with the Admin Guide. However, we’re noticing that the designated traffic is not routing through the Proxy as expected and is failing

Issue with Intermittent Blocking of ChatGPT URL-Not-resolve

Hi Team,

I’ve noticed that in my environment, the chatgpt.com URL is intermittently categorized as unresolved and is being blocked.

For your reference, I am attaching a snapshot highlighting this behavior.

Please let me know if additional informa

Device transfer query

Hi All,

Facing below error while registrating the device.

" Device and support code do not match support account. Please contact super user to send you a registration link for approraite support account."

Also what could be the steps to device transf

Firewall sizing tool

Hello, is there any firewall sizing tools which i can download where i can measure which firewall fits best to my request, by traffic pattern feature use

FQDN resolution mismatch

I have a connection to a destination FQDN allowed via Palo Alto firewall PA 440.

Palo alto shows a different IP to the FQDN than one on the host machine when I do a nslookup. 

Connection to the destination is getting reset Please advise on the steps an

PA-1410 - secondary IP unreachable

I have an issue where the secondary IP-address is unreachable on PA-1410.
The deployment looks like.
2 PA-1410 HA (active/passive)

Aggregated layer 3 interface with sub-interface (vlan tagged)

Management profile allow ping only

Firewall policy is allow

Factory 5220

There are two drives on the 5220. The factory reset for version 10 says to select maintsys-root1 and reset. Why not root0 as well. The device has two drives so wouldn't maint-syroot0 need to be ran as well? It looks like the drives are setup in a r

License and dynamic update query

Hi All,

I have panorama integrated Palo Alto devices and need help on below query

1) Can we perform dynamic update of Palo alto from devices itself instead of panorama. Does this practice unsync the Palo Alto from panorama ?

2) panorama having only ma

User ID version compatiblity with PAN OS 11.1

Hello,

Anyone know if the the user ID Agent 11.0.1 is compatible with PANOS 11.1.x ?

Thanks

NTP Not synced but got time-learn in Logs

Hi Team,

Ntp not synched but got initiate time-learn in logs.

>show ntp

ntp not synched, using local clock

status : rejected

reachable: yes

authentication-type: none

Have tried to set it to public server still the same. And also when try to set ma

Design suggestion

Hi All, 

I'm from network team not Firewall team. Presently we have ASA FW which we are planning to replace with two Palo's. Presently we have one WAN link going to the FW and one link to LAN router. Now how to connect two Palo's when we have one WAN

PA 5250 Factory Reset failure

Hello,

I wanted to reset a PA5250 via CLI. Nothing special. However, this was aborted at 0% with the message “Factory reset failed”. After the error, I am no longer able to access the CLI, as the message appears permanently as soon as I write somet

HA (active Passive) 10.1.X to 11.1.X upgrade path

Hi,

 I will upgrade a paranoma VM in 10.1.5 and a pair of managed firewalls in HA Active passive from the same verstion to 11.1.X

This guide indicates I need to go through every feature release when upgrading HA firewalls:

"When upgrading HA firewalls a