IPSEC behind NAT

Hi all,

I am trying to enable a IPSEC from PA1 to PA2

However PA1 sits behind a NAT device which I have no control of and the PA outside interface is been given a 192.16.1.X address

I have gone through the following KB https://knowledgebase.pal

Configuration for GUI access through public IP

Hello all,

I'm new to the Palo Alto firewalls and pardon me for my bad English as I'm not a native English speaker.

I'm trying to build the below network we currently have in my workplace in an eve-ng lab.

I'm not able to access the GUI through the a

Security update for Palo Alto 5050

Colleagues, good afternoon,

We have encountered an issue where, due to unforeseen circumstances, we had to revert to the old hardware. Could someone help with updating the security patches? We need to load them onto the device.

Is there a way to downlo

Cyberark RDP sessions aging-out, disconnecting users

We are working on a deployment of CyberArk for identity management.  At this point our problems are not with integrating it for authentication with the Palo.   Our problem is that the connectors for CyberArk in our datacenter are dropping connections

Palo Alto PA-850 basic configuration without any licenses

What can you configure on a Palo Alto PA-850 without any license ? What are the differences between having a license and not having a license ? Also how many licenses are there and if any are required for firmware updates ?

How to trigger a "Response page" on Palo Alto NGFWs using URL filtering & Decryption

Hi All, 

I want to share my experience on very latest configuration I did in my company Firewall infra. With the genAI evolution & most of the companies trying to develop their own homegrown genAI app, it was becoming headache for my Cyber Risk team

Best Practices for Multiple External IP

Hello Community

I have 2 blocks of public IP addresses assigned by our ISP. They are on different networks . They culminate at the single gateway provided on premise by our ISP.

An external  (untrust) port on our 1410 is assigned to an IP address f

Using NAT64 to reach overlapping ipv4 networks

Hello!

My problem is a little more complex than the scenario below, but I'm trying to keep it simple.

Let's say I have a machine "v6client" on an IPv6-only network with IP 2001:db8::10. It's directly connected to an interface in virtual router vr

Any good way to block DeepSeek by PaloAlto Firewall(PA-820)

Could  you tell me a good method to block DeepSeek ? Thank you very much.

Source account mapped

Hi All,

We have purchased an Palo alto 220 series firewall however while registering the devices we are getting an attach error. Can someone help me to identify how can i know where my device has been mapped.