IPSec VPN Tunnel Interface with IP Addresses

I read the following example of Site to Site VPN IPsec with static routing :

https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/site-to-site-vpn-quick-configs/site-to-site-vpn-with-static-routing

In the figure the example

SNMP OID fan and power supply

Hello team,

i have a PA3220 with PANOS 10.1.x and I would monitor FAN and power supply status via snmp.

What are the oids for monitoring these components?

Thanks for the support

BR

Incidents contain many alert types... but why?

Hello, everyone.  Our product suite now includes receiving alerts from the NGFW, in addition to XDR.  It seems, though, that a single incident may include several different alerts.  This seems like a strange behavior, because the list of alerts come

Shared IP in the WAN Side with HA Active/Active and ARP Load Sharing

Can we confgure the Shared IP in the WAN side in HA Active/Active?

Because I read in the PAN OS Admin guide two things:

Page 410: As illustrated in the floating IP address scenario, the firewall supports a shared IP address
for ARP load-sharing on

How to deal with Zones, Layer 3 and 4 header with NAT Policy and Security Policy

suspended firewall in HA pair became active after reboot ( preempt not configured on either active or backup firewall )

Suspended firewall in HA pair became active after reboot ( preempt not configured on either active or backup firewall ).

Does anyone have any thoughts i lost about 15 seconds to hosts behind the firewall.

firewall PA-460 & version 10.2.7

thanks

ACC not showing after upgrade from 9.1.10 to 10.2.7

I just upgraded our PA 3220 from 9.1.10 to 10.2.7 last night and noticed that there is no current data under the ACC tabs. How do I fix this? 

How to decode palo alto netflow app-id from hex value

Hi,
I am sending Palo alto netflow to a Linux server. While I capture NetFlow from the server and open it on Wireshark I cannot see appid in plain text format. I only see the hex code. I have attached some screenshot below here.

Is there any way to d

SCP import file without accept host key

Is it possible that we import file using "scp import" without accept the host key? 

In ubuntu(UNIX), we can add "-o UserKnownHostsFile=/dev/null" in connection string to avoid storing host key in local machine.

I understand that PA's NGFW CLI is no

'cfg.general.need-acknowledgement-to-login': NO_MATCH

I have deployed a new VM series PA FW, however whenever I am trying to login, it is giving 'cfg.general.need-acknowledgement-to-login': NO_MATCH

Any suggestions?

SSH\SFTP Proxy

Hello,

I'm currently managing an SFTP (SSH) server.

I'm attempting to implement file blocking using the NGFW.

I've configured a decryption profile that includes "SSH Proxy".

According to the traffic logs, the "decrypt" option appears to be activate

Routing and NAT Order precedence

In palo alto firewall. What is done first routing or nat for :

• Inbound traffic
• Outbound traffic

In cisco routers, for outbound, Routing first then NAT, for inbound traffic, NAT first then Routing.

Understanding Packet Flow in VPN Site to Site with Overlapping Subnets

get-ldap-data-failure - LDAP Failover doesn't work

-I had two LDAP servers configured with a firewall, the primary LDAP server had an issue with high CPU and memory due to which the firewall lost the group membership though the firewall has L3 reachability.

During the log analysis found that  get-lda

How to show the auditing process of objects during policy auditing

Hi Everyone,

I'm a new member FW Palo Alto,
Currently, I have done a dump of the rule checking process, but I cannot show the process of checking each object against the rules in the firewall, so that I can clearly see the rule checking and the matchi