DNS rewrite

Hello,

I am using DNS rewrite for a hosted service that we are connecting to, however, the global nature of this feature is causing me some problems now as we are connecting a network we do not manage to our firewall which causes routing to fail to t

Prevent Credential Phishing with UPN (userPrincipalName)

Hi World,

I'm have my first contact with this Prevent Credential Phishing feature. With the option "IP User", because UserID Mapping is already in place, i'm able to detect sAMAccountName Username submissions. But a lot of phishing sites are focused

PA-5450 - HA1 on NC possible?

Hi folks,

I came across a situation where there are insufficient number of transceivers for the new PA-5450's HA1 and HA2 (with backup interfaces).

The HSCI ports are use for HA3 (Active/Active deployment). I have to use one SFP+ transceiver for the

pa850 spf+ interface speed setting separately

I set pa850 one spf+ interface speed to 1000M,the pa850 report commit fail, "Error,invalid forced speed/duplex for ethernet1/12,interface configuration error..."

in cli mode, the command of setting interface speed is only "set system setting ports-9-

No Internet Access or Cannot ping to global dns

Dear Team,

I have layer two switch which is connected to core switch (layer 3) and created the trunk link between these switched and the core switch is connected to my firewall and created route port to firewall from this core switch. outside my f

MIGRATE ASA Firewall to Palo alto(3410)

We want to migrate from ASA to PA(3410) , we are using expedition tool.

But when we try try to add device in expedition migration tool (v 1.2.34), we don't see any drop down for 3400 series firewall.

Is there any solution for this?

Can I proceed by

DNAT fails to work on PA-VM

Hi PA experts,

    I've been racking my brain to figure out the DNAT problem when doing the tests on PA-VM.

    It should be a very common scenario which is why I really don't get why the common DNAT doesn't work. 

    On PA, the inside interface is

User-id & group information miss mapping issue

Hello,

PANOS 10.1.0 upgrade to 10.1.6-h3

Hi,

  I am at the tail end of upgrading our environment from 10.1.0 to 10.1.6-h3 with one system left and the software install bar has been at 45% for the last 5 hours. The system responds fine to commands, the GUI works, but the install isn't comp

Best Practice for URL policy question

So the scenario is we have an app on a server which needs to access several URLs. My colleague setup a custom URL Category and applied it to the policy, but the problem is this isn't working. From my reading on URL Categories, this applies to web-bro

Network Segmentation

Hi,

I'm working to redifine the global architecture. Currently, we have a cluster of 2 Watchguard but we will migrate to Palo Alto (PA-850). Currently, all vlan are configured on Watchguard but I'm not sure that is the best approach. On my LAB, bas

Software Upgrade Path within 10.1.x

Hi Team,

Planning a software upgrade on PA-5220 from current 10.1.5-h2 to 10.1.6-h3.

Can we upgrade directly from 10.1.5-h2 to 10.1.6-h3 or it has to go 10.1.5-h2. > 10.1.6 > 10.1.6-h3 ?

Thank you in advance.

Best regards,

Darren Chew

Wildfire is resetting the connection

Hi,

I want to know why wildfire is resetting the connection for legitimate traffic. 

Problem with PBF with two ISP and two VR

Hi all,

I have a PA220 managed with Panorama. Very cool mgmt and very powerful. Only the PA220 is a bit slow.

My Situation - I have two internet connections (Eth 1/1 and 1/7) with fixed IP. Both have their own VR and therefore both have a null route.