Next-Generation Firewall Discussions

User-ID Redistribution Agent : Close Connection to Agent

I am getting high severity alerts for user id connection agent Failure - Redistribution Agent <Agent Name> (Vsys1):Close Connection to Agent. Would appreciate if anyone can help me understand the log to check if the issue occurred due to firewall or

Need to upgrade PA 440 Firewall

I need to upgrade PA 440 from the software version 10.1.6-h6 to version 10.2.8 can you please provide me the plan.

Palo Alto PA 5220 running on 10.1.10 H2 is not mounting /dev/sd9 partition

When we booted up the firewall we're getting an error that AutoCommit failed to complete. This was seen while mounting the raid partitions, specifically /dev/sd9. After referring the documentation existing on Palo Alto community, in the link https://

Show IPsec tunnle uptime duration

how we can check IPsec tunnel uptime duration on PA as like on ASA we can see using show vpn-sessiondb detail l2l.

Regards,

Sufiyan

Planning to set the API key lifetime rotation - Authentication settings

Hi Team,

I have configured the API key lifetime which is set to never expire. Based on the advisories I am planning to set the key lifetime rotation.

The question comes to my mind is, if I setup the key lifetime rotation will it impact the existing

IPsec tunnel PA-Forcepoint Up but no traffic passing through

Hi ,

I'm configuring an ipsec tunnel between PA-5410  (route based )and Forcepoint Firewall (policy based), and showing up but when i try to ping from LAN-to-LAN i could not recieve any trafic or logs . from system log,

 ""PSec key deleted. Deleted

SIP TRunk over PA6-440 not working

Hi

we have just migrated from Cisco ASA to palo alto 440 firewall

we have a SIP trunk between IP telephony server CUCM installed on our site and another installed on remote site

the communication is done over a tunnel ipsec VPN

from our site we can p

Custom URL to match allow policy matches halfway through URL

Custom URL category containing one line similar to this:

abc.com/string1-string2/string3-string4/string5

After the domain name are a series of strings with some dashes and forward slashes. String5 is meant to be a filename in the string3-string4 dire

IPSEC Tunnel monitor for policy based site to site VPN

We have connected site to site VPN tunnel with remote peered using policy based. so ca we monitor this IPsec VPN tunnel if it goes down with some trigger mechanism over email. 

PA3260 HA secondary SNMP credential not working

we have paloalto HA configured and i configured snmp server trap profile in primary firewall. when i pull data from snmp manager it successfully pull data from primary firewall. but when i tried to pull data from secondary it shows me credential wron