suspended firewall in HA pair became active after reboot ( preempt not configured on either active or backup firewall )

Suspended firewall in HA pair became active after reboot ( preempt not configured on either active or backup firewall ).

Does anyone have any thoughts i lost about 15 seconds to hosts behind the firewall.

firewall PA-460 & version 10.2.7

thanks

ACC not showing after upgrade from 9.1.10 to 10.2.7

I just upgraded our PA 3220 from 9.1.10 to 10.2.7 last night and noticed that there is no current data under the ACC tabs. How do I fix this? 

How to decode palo alto netflow app-id from hex value

Hi,
I am sending Palo alto netflow to a Linux server. While I capture NetFlow from the server and open it on Wireshark I cannot see appid in plain text format. I only see the hex code. I have attached some screenshot below here.

Is there any way to d

SCP import file without accept host key

Is it possible that we import file using "scp import" without accept the host key? 

In ubuntu(UNIX), we can add "-o UserKnownHostsFile=/dev/null" in connection string to avoid storing host key in local machine.

I understand that PA's NGFW CLI is no

SSH\SFTP Proxy

Hello,

I'm currently managing an SFTP (SSH) server.

I'm attempting to implement file blocking using the NGFW.

I've configured a decryption profile that includes "SSH Proxy".

According to the traffic logs, the "decrypt" option appears to be activate

Routing and NAT Order precedence

In palo alto firewall. What is done first routing or nat for :

• Inbound traffic
• Outbound traffic

In cisco routers, for outbound, Routing first then NAT, for inbound traffic, NAT first then Routing.

Understanding Packet Flow in VPN Site to Site with Overlapping Subnets

get-ldap-data-failure - LDAP Failover doesn't work

-I had two LDAP servers configured with a firewall, the primary LDAP server had an issue with high CPU and memory due to which the firewall lost the group membership though the firewall has L3 reachability.

During the log analysis found that  get-lda

How to show the auditing process of objects during policy auditing

Hi Everyone,

I'm a new member FW Palo Alto,
Currently, I have done a dump of the rule checking process, but I cannot show the process of checking each object against the rules in the firewall, so that I can clearly see the rule checking and the matchi

Unable to connect GlobalProtect

GlobalProtect Unable to connect and the web portal showing err_empty_response. Certificate is already installed in the client.

PANGPS log:

(P2832-T9964)Debug( 929): 12/15/23 09:43:34:892 SSL connecting to x.x.x.x
(P2832-T9964)Debug( 487): 12/15/23 09:

Policy match either XFF or layer 3 IPs?

We have load balancers proxying traffic back through a pair of PA5250s and recently started extracting X-forwarded-for data to match in our traffic policies. Is it possible to have rules that match EITHER the XFF IP or the load balancers' proxied IPs

Fragmentation over IPSEC tunnel

when the packets are fragmented and transmitted over the IP Sec tunnel, does PA-FW accept the packets in both of the following options

1. Fragment first then encrypt and forwarded to FW
2. Encrypt first then fragment and forwarded to FW

Web GUI is not working in chrome and mozilla, but working in microsoft edge

Hi team,

But in Edge its working firewall

Destination Static NAT vs Source Static NAT with Bidirectional

Static Destination NAT: This NAT Rule allows users on Internet to initiate traffic to access internal or dmz server with a public IP of the server let's say 13.1.1.10. The inbound request has a Layer 3 destination IP 13.1.1.10, the firewal then appli