Layer 2 network extension

Is it possible to extend the layer 2 network over the layer 3 network to the other site using Palo Alto

Basically I am trying to extend the VLAN to other site. Not sure if this can be achieved with Palo Alto. Any suggestion are welcome

Running 11.1.2 in production

Hi everyone

I read that 11.1.2 is now the preferred release for 34xx, and desiring to upgrade due to some of the new features, I find myself concerned about this known issue:

PAN-224763 - A TDB engine version mismatch issue affecting all firewalls,

NIPS

How do we identify NIPS logs among Paloalto Firewall logs ?

Firewalls communicating to public IPs on Management Interface

We are currently seeing the Management Plane of our Palo Alto Firewalls communicating to the following IP-Addresses:

• 34.96.84.34
• 107.178.249.217
• 35.238.108.32 

This communication occurs on different Platforms. We see more activity since PAN-OS 10, curr

AWS-Palo VPN Phase-2 Rekeying

HI Team

We have an issue with AWS Site to Site VPN, where we can see continuous rekeying of Phase-2 tunnels. It's a PA-3220 HA pair. It started happening recently as we can see previously the rekey did happen only after the Lifetime expired (Phase-

Can't use existing 'Object Group' in new Policies on 11.1.2

I'm converting from ASA to the PA 3410 running 11.1.2 code.
I am frustrated by the fact that every time I write a new policy/rule, I cannot use an already established 'Object Group' as the code forces me to make yet another new "Obj Group' even if it

User-ID Redistribution Agent : Close Connection to Agent

I am getting high severity alerts for user id connection agent Failure - Redistribution Agent <Agent Name> (Vsys1):Close Connection to Agent. Would appreciate if anyone can help me understand the log to check if the issue occurred due to firewall or

Need to upgrade PA 440 Firewall

I need to upgrade PA 440 from the software version 10.1.6-h6 to version 10.2.8 can you please provide me the plan.

Palo Alto PA 5220 running on 10.1.10 H2 is not mounting /dev/sd9 partition

When we booted up the firewall we're getting an error that AutoCommit failed to complete. This was seen while mounting the raid partitions, specifically /dev/sd9. After referring the documentation existing on Palo Alto community, in the link https://

Show IPsec tunnle uptime duration

how we can check IPsec tunnel uptime duration on PA as like on ASA we can see using show vpn-sessiondb detail l2l.

Regards,

Sufiyan

Planning to set the API key lifetime rotation - Authentication settings

Hi Team,

I have configured the API key lifetime which is set to never expire. Based on the advisories I am planning to set the key lifetime rotation.

The question comes to my mind is, if I setup the key lifetime rotation will it impact the existing