Migrating from Windows DHCP to Palo Alto

Good afternoon, all!

I'm planning to migrate from my current Windows DHCP servers to Palo Alto DHCP.  I'm moving from Windows Server 2012 R2 to an HA pair of PA-850s running PanOS 10.1.9-h3.

Looking for traps, best practice, and any places to get bum

Authentication Profile not loading local web auth page

Trying to create an authentication profile so when traffic goes to an internal esxi host at https://10.10.245.99 they get an additional authentication prompt from the local firewall for a local firewall user. Very simplistic I was hoping. I followed

BI-DIRECTIONAL STATIC NAT NOT WORKING

Hi,

I have the following situation I want to do a bi-directional NAT for a complete subnet range.

I want to translate 192.168.96.0/24  -->  10.196.96.0/24 :   

   192.196.96.1  --> 10.196.96.1

    192.168.96.2 --> 10.196.96.2

... 

And this in both

Antivirus Download and Install Hanging

Pa11.0.1 onPa820 in High Avaliability mode.

The antivirus download and install update job has been at the "download in progress" status for several hours.

The last antivirus valid is:4406 -4923 of 31/03/2023.

The following resolution answer do

PALO ALTO 200 takes time to fail over

Hi All,

We have a OLD Palo Alto 200 on one of our sites in OKI. We performed an annual fail over test last week.

Here is what happened which is weird on panorama Secondary Firewall is showing as a Primary and it was on color red while the prima

Wildfire Analysis Report returns 500 internal server error

Hi team

I’m new to PA firewalls and facing some WebUI related problem.

When I try to open Wildfire Analysis Report under DEVICE>NETWORK>Wildfire Submissions, “500 internal server error” is shown and I cannot check the report.

I searched through

BGP route map

Hello

Here is a simple use case.

I have 3 palo, on 3 DC, and for each DC i have a router from on ISP with one single /28 public IP network.

One computer can move from one DC to one DC. For exposed server, behind a NAT, i am trying to advertise

How to count the detection messages in the path monitor ping packet

Can the packet capture function of the firewall capture ping detection messages sent from the e1/1 interface?

The customer wants to confirm that the wall is sending detection messages normally?

XFF

Hi

I am hosting a website behind ngfw.

The traffic comes from google load balancer, and i would like to LOG ONLY the x-forward IP (the original).

I have used this kb: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/identify-users-co

Global protect "certificate is not singed by CA" not allow to connect time to time

We have global protect version 6.1.1-5

When we connect to the GP it's working fine. Once we connect to another firewall's GP and disconnected from it and try to connect again to same firewall then we get the error "certificate is not singed by CA"

polycom会议电话流量经过palo alto防火墙，发现会议到达16分钟左右会断开连接

如上面所说，当流量跳过防火墙是连接同一台交换机，状态正常，专线网络，没有做nat，会话保持时间也是默认的3600，尝试过override 策略，流量也匹配正常，但是情况还在，抓包分析，流量建立了三次握手以后，后续会出现超时的流量，网络层是正常的，不明白会有超时的数据，有人碰到过吗，有什么解决建议。