How to configure GRE over Ipsec

Hi team,

How to configure GRE over Ipsec between PaloAlto and cisco Router using ospf? I need sample document for configure?

If anyone did it before please share... I checked whole live community but there have no exact configuration.

Thanks

Al

Unified Log Timeout Field

PA14010, PANOS 11.1.x. Have TCP and UDP idle timeouts configured for 900 seconds globally, and as high as 86400 for some applications. Development team would like to see when the firewall enforces timeouts, as they think the firewall is causing failu

L2L IPSEC Tunnels - How Often Do Initiators Attempt to Init?

How often or where are the timers that dictate how often PAN-OS attempts to initiate/attempt IPSEC tunnels when first created, after reboot/power-loss, network loss, etc.?

Thank you!

Mike

Paloalto FW HA(Active/Passive) OS Upgrade Procedure 10.1.X -> 11.1.X

Hello

I have a question about upgrading the Palo Alto Fire Wall OS.

From the 11.1.X version, we've seen that you can upgrade right away without a 10.2.X or 11.0.X install.

ex) OS Upgrade(10.1.13-h1 -> 11.1.5)
I ran the test on my Standalone firewall (1

The NGFW User-ID and Terminal Server (TS) Agent Self-Signed Certificate expiration

The NGFW User-ID and Terminal Server (TS) Agent Self-Signed Certificates will expire what is the  action needed(PAN-OS 11.1)

PaloAlto Firewall and Cisco Expressway integration with NAT Reflection

In Cisco Expressway Series with Single NIC Deployment, the Cisco Expressway Core must be configured to point to the Fully Qualified Domain Name (FQDN) of the Cisco Expressway Edge, this FQDN must be resolved to the Public IP of Cisco Expressway Ed

Question regarding source NAT in S2S VPN

Hi All,

I need to create a S2S Tunnel to a customer. We need to reach 1 Server on their side (e.g. 192.168.100.1). The connection is needed from multiple Hosts from 2 different Subents on our Side (10.0.112.0/21 and 172.18.2.0/24). The customer does

PA-220 / PA-440 DNS

I am wondering if my server dies, can I host DNS on my PA-220 or PA-440.  This would be great and would not have to have physical box anymore.

I need to upload response page

I am currently in the process of planning to upload a custom webpage to my Palo Alto device. However, I would like to automate this process through an API call. I have the HTML content for the webpage stored in a variable and I would like to upload i

Can I use a certificate from another device in my decryption policy?

Hi

I plan to apply Vunerable Protection to the customer's firewall and at the same time decrypt outbound traffic.

However, the customer's network environment already includes encryption and decryption equipment.

And the customer wants to apply the

Block Surfshark VPN

Hi All,

We have a block for Proxy Avoidance and Anonymizers on our DMZs. But we are able to see that the users can access Surfshark VPN on our SDWAN.

Also, I am unable to see any logs on the firewall.

Could anyone please help me on how we can b

PAN-OS-11.1.2-h3 - No incomming traffic after upgrade

Hi,

We recently upgraded our Palo Alto 1410 Firewall to PAN-OS-11.1.2-h3 from PAN-OS-11.0.4-h1.

After Upgrade there was no incoming traffic from external networks. There were no hits or logs showing incoming traffic.

Internet Outbound traffic was g