sometimes the policy matched the multicast packets and sometimes it didn’t when each packet had the exact same source/dest IP and source/dest port?

 sometimes the policy matched the multicast packets and sometimes it didn’t when each packet had the exact same source/dest IP and source/dest port?

Some multicast traffic is allowed but other packets are denied. We need to understand why there is

site to site ipsec vpn issue

PA 3260 and VM 300 set site to site  ipsec vpn, The Ipsec vpn had been working.But from two days ago ,

it wasn't working ,can you help me to check it ?

admin@tfw001> tail follow yes mp-log ikemgr.log

tail follow yes mp-log ikemgr.log
2022-10-08 19:1

Palo firewall routing

Hello. New to Palo's. I have a question re routing.

I have an interface with, say, 1.1.1.1/24. There is a router on the same network on 1.1.1.2.

I have had to add a static route in order to ping/communicate with 1.1.1.2

Is this normal Palo beha

Lab firewall

I was told you can buy the lower model firewall license for much cheaper for learning

Is there website or how can I buy one

PA 3200 Virtual Address limit

HI,

Hi have two PAs in HA Active Active with floating IPs, and today I reach an limit:

". Error: total virtual addresses 65 exceeded platform maximum 64"

There is any workaround for this?

Thanks

Source Mac not displaying

We have multiple Paloalto firewalls running in version 10.1.X/10.2. None of them are showing the source or destination mac address in the traffic logs. When we select the source/destination mac address column in the traffic logs, it shows blank.

So

PA-410 GUI is very slow over IPsec vpn

We are deploying new PA-410,450,440 in remote location. From Head office firewall to Remote location there is an IPsec vpn.

When users from HO try to access PA-410 firewall over GUI it took 10 - 15 minutes to load. During this GUI loading data plan

still see in logs while I already blocked it

Dears

panorama firewall logs show threat for example spyware which threat name is website link. I blocked website IP and the link but still I see it in logs.it repeated many times which full the logs .The source address from DMZ zone  and the destina

Certificate export on a fips enabled firewall

Hello All, I currently have an HA pair of 3260 firewalls that have a GP portal and gateway. My firewalls are in FIPS mode. I want to setup a redundant pair of firewalls in AWS as my DR running GP with the same config. So I would have a monitor setup

Paloalto HA probem

Hello,

we have a few PA440 clusters where we are unable to activate HA. Software version is 10.1.6-h6.

As soon as we enable HA on first node, everything goes down (including internet access) and then the config gets rolled back (due to lost conne

Wildfire and Fileblocking

Hi Team,

Want to understand how i can use  WF and file blocking.

Suppose if am using wildfire analysis and using a default policy 

application - any 

Filetypes - any 

Direction - both 

Analysis - Public-cloud

and Using a File blocking profile a

Firewall PA-460 Redundant Power Alarm

Hello, i have appliance Firewall PA-460.

i do the testing power with this device.  i had read the docs below.

Interpret the LEDs on a PA-400 Series Firewall (paloaltonetworks.com)

Replace a Power Adapter on a PA-400 Series Firewall (paloaltonetworks.

Dataplane Crashes on PanOS 10.2.2 when DNS-Servers not set

We've encountered an issue on PanOS 10.2.2 when DNS Servers are not set on the Management-Interface, the Dataplane crashes when jumping from the Panorama to the local context of the firewall. Older version of PanOS do not have this issue. Setting the