Next-Generation Firewall Discussions

PA-440 is showing to Panorama and won't allow removal

Currently have a PA 440 acting if it's still talking to a panorama server which it should not have ever have, I think it may have been due to an issue when I bought last year new. I'm not sure I've attached screenshots for suggestions complaining abo

PA 3220 40Gig port

I want to use port 21-24 for 10G connectivity.   Per the Data sheet these ports are 40G. Can  I configure them to operate at 10G?

Thank you,

Ahmed

Active/Passive connection with Cisco Stack switches

Hello

I would like to have confirmation. I need to connect my Palo Alto cluster firewall (active/passive) to a Cisco stack (with 2 members). 

If I want a fully redundancy, I need to create, on a each firewall, an aggregate with 2 interfaces and eac

Schema Node for xpath

For PANOS Firewall, I am using ansible to configure the firewall settings.

The YMAL code i used to set the login banner is:
- name: Set login banner
  panos_type_cmd:
  provider: '{{ provider }}'
  xpath: /config/devices/entry[@name='localhost.localdomai

Global protec

Hi Team,

Good day to you !

We have one customer he facing issue with the Global Protect VPN. The VPN disconnects unexpectedly, and after each disconnection, we need to remove and reinstall the VPN client.

Could you please help us address the is

Management CPU 100% - 50 report Active..

Hello.

I've a 5220  PANOS-10.1.11.

Since Yesterday the Management CPU is 100%.

top - 09:46:04 up 119 days, 10:19, 1 user, load average: 3070.40, 3070.13, 306
Tasks: 3363 total, 1 running, 3255 sleeping, 0 stopped, 1 zombie
%Cpu(s): 2.2 us, 2.2 sy, 0.

System logs are not being sent to CDL

Hello guys,

Need a small help. We faced ab issue were even after we have set the logs to be forwarded to CDL, the system logs are not being sent to CDL.

Can someone help me with why this could be happening

PA-3401 and PA-5410 at HA with virtual wires interface need restart to be up

When I deploy high availability PA-3410 and PA-5410 with virtual wires configured in the interface, I often encounter situations where the virtual wires interface of the second firewall added to the high availability group cannot be UP after the firs

Unused PA820 firewall support contract renewal(support contract ended 1 year ago)

 We have a pair of PA820 firewalls which are unused for year since the office closed in USA. We have shipped those appliances to one of our Switzerland office to reuse. I heard that paloalto cannot renew the support/subscriptions for these devices si

Limiting Whatsapp policy

Hey there,

So we're looking into allowing Whatsapp app and calls in our Palo Alto. In order to allow calls we had to open the following applications- whatsapp, rtcp, rtp-base and stun (as Whatsapp depends on them).
However we didn't manage to limit th

downgrade process from 11.1.2 to 10.2.8 ?

what is the downgrade process from 11.1.2 to 10.2.8 ?

expedition tool query

Hi All,

Wants to migrate From Cisco ASA To Palo alto using expedition tool. Need to know is it free of cost or any subscription need to purchased.

Identity collector on Palo alto

I have a question about a Checkpoint feature that I have to move on PA.

ATM the Checkpoint use an agent called "Identity collector" to gets all user connected to the AD and populate the internal firewall table with User - IP.

How it works now with CP