Next-Generation Firewall Discussions

PALO ALTO 200 takes time to fail over

Hi All,

We have a OLD Palo Alto 200 on one of our sites in OKI. We performed an annual fail over test last week.

Here is what happened which is weird on panorama Secondary Firewall is showing as a Primary and it was on color red while the prima

Wildfire Analysis Report returns 500 internal server error

Hi team

I’m new to PA firewalls and facing some WebUI related problem.

When I try to open Wildfire Analysis Report under DEVICE>NETWORK>Wildfire Submissions, “500 internal server error” is shown and I cannot check the report.

I searched through

BGP route map

Hello

Here is a simple use case.

I have 3 palo, on 3 DC, and for each DC i have a router from on ISP with one single /28 public IP network.

One computer can move from one DC to one DC. For exposed server, behind a NAT, i am trying to advertise

How to count the detection messages in the path monitor ping packet

Can the packet capture function of the firewall capture ping detection messages sent from the e1/1 interface?

The customer wants to confirm that the wall is sending detection messages normally?

XFF

Hi

I am hosting a website behind ngfw.

The traffic comes from google load balancer, and i would like to LOG ONLY the x-forward IP (the original).

I have used this kb: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/identify-users-co

Global protect "certificate is not singed by CA" not allow to connect time to time

We have global protect version 6.1.1-5

When we connect to the GP it's working fine. Once we connect to another firewall's GP and disconnected from it and try to connect again to same firewall then we get the error "certificate is not singed by CA"

polycom会议电话流量经过palo alto防火墙，发现会议到达16分钟左右会断开连接

如上面所说，当流量跳过防火墙是连接同一台交换机，状态正常，专线网络，没有做nat，会话保持时间也是默认的3600，尝试过override 策略，流量也匹配正常，但是情况还在，抓包分析，流量建立了三次握手以后，后续会出现超时的流量，网络层是正常的，不明白会有超时的数据，有人碰到过吗，有什么解决建议。

Migrationg from Cisco Meraki MX 67 to PA 850

We are facing issues with migration  from Cisco Meraki MX 67 to PA 850

Multiple remote site firewall commit errors/failures after Panorama 10.2 upgrade

Hey all,
Recently step-upgraded Panorama from 9.1.14-h4 to 10.2.4-h4. No issues upgrading Panorama. This panorama manages 180+ remote site firewalls. Ever since the upgrade we have *a few* remote site firewalls that are failing to commit properly in 2

Customer Firewall Transfer

Hello Guys,

I am new on the Palo Alto Environment, i work a lot with Fortinet.

So in the Fortinet "world" i can register an account like a customer and require for try some of their products, like FortiEMS, FortiOS VM, FortiAnalyzer Etc, all of this

Unable to commit after upgrade from 9.x.x to 11.x.x

Unable to commit after upgrade from 9.x.x to 11.x.x 

while commit the error message is below 

• user-id-agent unexpected here
• vsys is invalid

Import Backup

Hi All,

Can we import backup from PA-220 to PA-445??