Palo Alto ALG (Application Level Gateway) SIP dissable just for a particular source and destination IP addresses in a Security Policy?

Hello to All,

From what I read about ALG (Application Level Gateway) functions on the Palo Alto Firewalls this function if needed is disabled globaly for the SIP default application or with application overide policy but this will stop the SIP si

Palo Alto PA 5220 not login after password complexity changes

We changed the password complexity and history settings on our firewall a couple of days ago. After committing the changes the local users are not able to login on the firewall. So we tried to boot into maintenance mode by connecting through a consol

SSL/TLS decryption

Hello

I would like to configure my Palo Alto to decrypt SSL/TLS inbound/outbound traffic.

For Inbound, it's to control the traffic from Internet to our internal Web servers. Our internal Web servers is based on Apache or IIS with SSL. The certifi

Remote Admin via ISP connected interface

I have a PA-440 that I need to be able to manage via it's ISP connected interface.  I did the intial setup via the MGT interface but when I had the device moved to it's permanent location, which is not connected to our WAN, I cannot get the login web

Whether configuring Vsys will make firewall more secure or not

I would like to know advantage and disadvantage of implementing Vsys. 

in an environment , we are able to configure our firewalls with vsys or without vsys. 

Would also like to know whether configuring vsys will make firewall more secure or not ?

Unable to take passive firewall access.

We tried changing the cable, switchport and VLAN and also connected the Management Interface directly to a laptop. There was no SSH or HTTPS access possible

We also tried to restart the Management and Device Server and other related processes on the F

Traffic Distribution methodology

We have 35 PA firewalls all using SD-WAN and have (typically) the following configuration for WAN connections...

100M TC4 Internet

20M TC2 Internet (best quality)

5G Cellular Internet (always on)

We have the following traffic distribution profile

NAT rule

Hello

I have a problem. I have a firewall Palo Alto. Eth1 (20.74.34.3) is configured on public zone and eht1/2 is configured in the internal zone (10.110.0.4). Inside the internal network, I have a dmz subnet 10.111.0.0/24 where I have 2 web server

Having trouble to create an support account?

I am trying to setup an account to create a case.  I have my serial number/Order number, Since one of these are required in the registration process, I  opend a case [Case#: 02362263] . I do have access to my paloalto unit online in case I can find a

PA-VM HA Failover Procedure

hello dear forum members, 

i have a question regarding 

the cluster configuration. 

wer'e currently

running a PA-VM in cluster (A/P Mode) 

in the organization within an 

azure enviornment, both

are configured with different External

ip address. 

ISP Failover with dual Dynamic Public IPs?

Hello,

I have two ISPs with Dynamic Public IPs.  Is there a way to setup ISP failover?

Thanks,

Bill

v-wire security newbie

we have a v-wire setup where we are controlling traffic to a secondary firewall w our 820. as its sitting between ISP and the site secondary firewall (sonicwall) we created a rule that negates all but some countries we do business with and that negat