HA error when configuring

• High-availability ha1 encryption requires an import of the high-availability-key(Module: ha_agent)
• client ha_agent phase 1 failure

Any ideas why this is happening? I have configured 3 other HA pairs with no issue.

PA1

PA2

Security Profile Evaluation

Hey Community!

In Palo Alto NGFW, when multiple Security Profiles (like Antivirus, Anti-Spyware, Vulnerability Protection, URL Filtering, File Blocking, DLP, etc.) are applied to a Security Policy

How does the inspection happen?

• Is it sequential (one

PALO ALTO FIREWALL , lan interface internet issue

I currently have a palo alto VM on my VMware esxi environment and i have setup the LAN and WAN interfaces and also created a dhcp scope on my lan interface and connected it to my windows server 2019 also on the esxi environment but i can se traffic t

Migrating certs from one palo to another

What is the process when migrating certs? 
are the added when new palo joins the device group?

do I need to import export the top level cert?

do I need to import the trusted root provided by customer or can I use what is already on the old palo?

thank

HA Links Over DWDM

Currently have a couple pairs of Palos (internal and external), with an HA pair over at a remote location. These 2 sites at connected via redundant DWDM devices (SmartOptics to be precise). Currently the HA links are just connected to a core switch,

Errors with Data Redistribution (User-ID Agent) on Labs Environment

Hi all, 

I am searching Palo Alto User-ID configuration and build Labs on EVE-NG use Palo Alto KVM.

Now I can set up LDAP and Group Mapping , it's working.

But I can not set up Data Redistribution, Connection between Firewall and User-ID Agent is N

Clientless VPN and Remote Desktop

I have a question about clientless VPN and Remote Desktop.

We have a Global Protect portal, but we only use it with the client. I have a new project to provide remote access via RDP to an internal windows computer for a select user. I've never done

hardware bug leading to a power failure after upgrade

Hello community!

I was informed by some customer that few months ago was dealing with a hardware bug present on the PA-5220 platforms, which could lead to a power failure after the firewall upgrade and render the hardware out of order.’

Is anyone

P1: P2P Link Primary – Require Failover to IPsec Tunnel on Link Down

Dear Team,

I have two Site and both site we are Palo Alto 440 firewall and P2P link and IPsec tunnel configured.

P2Plink configured PBR.

Priority 1 is P2P link and Priority 2 IPsec tunnel 

Priority 1 is P2P link and when the P2Plink go down need

Header Insertion doesn't work

Hi,

I try to enable HTTP Header Insertion to allow only my company's domain. I see the header insertion in the logs, but I got an error:

This account is not allowed to sign in within this network.

Please talk to  your network administrator for mo

About upgrade an HA configuration

Hello Team,

Standalone PAs can be upgraded by skipping multiple versions starting with 10.1.

Is this skip feature supported for HA?

I checked the documentation, but I couldn't find anything that clearly stated that it was supported in an HA con

Dos Policy Value Finetune

Hello,

We are currently using PA-3420 appliance & we have configured DOS Policy with default values, which is as below:

Action

Current Value

Alarm Rate

10000

Activate Rate

10000

Max Rate

40000

Block Duration (Sec)

300

We have feteche

Single interface failing LACP negotiation after PAN-OS update

I'm having an issue with a single interface in an aggregate bundle failing LACP negotiations after updating one network's firewalls from PAN-OS 10.2.13 to 11.1.6.

I have two separate networks (Network A and Network B) each with two PA firewalls in Act

Failover whilst HA2 link is down?

Hi!

We have two PA440 in A/P HA. We have HA1, HA1 Backup, HA2 and HA2 Backup configured.

We are planning on eliminating HA2 Backup to gain one extra interface and we were wondering which would be the downtime if (for some very unlikely reason) our mai

UserID Redistribution Filters working weirdly

Hi there

I have a customer setup with a central "Hub"/HQ-Firewall (Pair) and a lot of smaller "Spoke"/Site firewalls connected via S2S Tunnels. Each Site and the HQ have local AD DCs and UserID-Agent Server to collect User/IP-Mappings locally. Also in