Proxy IDs between Peers

Hi,

if the remote peer require local palo alto to set proxy IDs, what happens if the proxy IDs at PAN side doesn't match the ones at remote? would this cause any issue i.e traffic gets dropped or does palo alto forward the traffic down the tunnel as

Support regarding query

Hi All,

My current PA support is ASC (Authorized Service Center) where they open a Case on my behalf. How can i change my ASC or transfer my device ownership to some other support partner. 

Pls note: Support is currently valid and active to my existi

URL Filtering Issue with Gaming Category

Hi Team,

Good day to you! 

We are facing an issue with URL filtering. Specifically, we are unable to block gaming URLs through the filtering system.

The customer has a specific user group called the Travel Group, for which a separate URL filtering ca

High availability failover: GARP doubts.

Hey guys!.  First time poster here.

To begin with, I am beginner to PA and learning my way through. I have just reached the HA part, and have a few questions.

In an active/passive deployment, when the Active unit fails and the Passive unit starts takin

Palo Alto Login issue though GUI " ERR_SSL_KEY_USAGE_INCOMPATIBLE " (Solved)

For the last few days, we have been experiencing an issue with logging in to the Palo Alto Firewall through the GUI. We are getting the below error from the browser during login.

what happen when enable logging on high DP load on palo firewalls? - Does it introduce new risk like performance degradation, increased latency, firew

Finding Rootkits in Palo Alto

I was looking for information on finding and removing rootkits on Palo Alto, using the CLI commands. Reinstalling PANos isn't an option for me, but any help would be greatly appreciated. I know there is a rootkit installed, but I am not entirely sure

Paloalto API to get the recommended pan-os version details

Does Paloalto has a API for customers to identify recommended pan-os version details through the API query based on firewall models

Plugin-DLP mis-match on HA pair (HA not syning)

We recently had a firewall failure in a High Availability (HA) pair and replaced the faulty unit. However, there's a mismatch in the Data Loss Prevention (DLP) plugin versions:

• The working firewall is running DLP 5.0.1 with OS 11.1.6-h1
• The replacemen

IPSec Tunnels acting Strange

Version 11.1.4-h7

I am unsure if anyone else has experienced this. We are seeing IPSec tunnels suddenly showing errors in the system logs that IKE phases are just deleting one right after the other and not initializing. Originally one of the tunnels

UserID mapping flags user unknown with single digit timeout secs

Hi all,

I'm using Agentless UserID mapping. Since past 2 weeks, random users are dropped out of ip-user-mapping and unable to browse internet. 

When I run "show user ip-user-mapping all" on CLI:

I get 90% of connected AD users mapped to IP addres

Use of SSL Decryption.

Dear All

I hope you all are doing well.

We recently deployed a firewall with SSL decryption features. Previously, we used F5 WAF for SSL decryption.

Should we use SSL decryption for the new firewall or the previous F5 WAF SSL decryption?

Can I use both W

Vsys1-Vsys2 main-Backup

dears in community 

i have some trouble with the scenario  inside my Palo Alto device and need your support, 

i have two Vsys names (A, B), and each one of them has L3 uplink-ISP Vlan configured on a separate interface and set Public IP on interface

Meta Apps bypassing Captive Portal Authentication

Hi Everyone,

I am asking your expert advise on this issue:

We have an AP in bridge mode that is directly connected to Palo Alto. The firewall acts as the dhcp server and the AP just extends/bridges the network wirelessly. This setup is for Wirele

PANOS upgrade 10.2.10-h9, 10.2.12-h4 and 10.2.13-h2

Hi Experts,

We have PA-5450 and Panorama M-700 running on 10.2.8-h3. We are planning to upgrade PANOS to the latest code in the 10.2.X series. While reviewing the Palo Alto documentation, I found that 10.2.10-h9 is the preferred version. However, t