Next-Generation Firewall Discussions

communication of vlan interfaces not working

Hello,

I have two firewalls connected over "L2 Line" from our ISP.

We would like to use this line to route between our two sites instead of IPSec tunnel.
On this line I can use vlans from 1-100 for communication.

On both firewalls I created L2 interfa

PAN-DB URL Filter expired even if Advanced URL filtering is still valid

I purchased service bundle for my PA firewall,  PAN-PA-220-BND-LAB4-R, which includes PA-220 Lab Unit Renewal Service Bundle (Threat Prevention, DNS, PANDB URL Filtering, GlobalProtect, WildFire, SD-WAN, Standard Support) Period.

After activation,

PA 3260 Policy Rule losing DNS resolution to FQDN-defined site - 4.19.23

We have a policy rule that contains an FQDN-defined website destination (yandr.wiredrive.com). When initially configured to pass traffic to required cloud-based resources, DNS resolution to the wiredrive.com site would happen regularly, usually after

getting system alerts

Hi Team,

frequently we were getting system alerts as " PANDB: Authentication or Client Certificate failure"  after restarted the management server we didn't get error for PANDB, but now we are getting " failed to resolve host wildfire paloaltonetwo

SSL Decryption Exclusion - What does "Obsolete (Enable me to clean)" mean?

When viewing the SSL Decryption Exclusion list you can click to see obsolete entries.  When you do they say OBSOLETE (Enable me to clean) - what does that mean?  If you enable it then it will get removed?  I'm not certain what this is trying to tell

Need to complete PCNSE course through portal

Hi,

This  is suresh from hcl technologies.

Please help me to get the PCNSE course as free and need to complete through paloalto portal.

I have activated login details as a partner

DNS Proxy

Hey,

i am configuring an isolated Vlan and i need some static DNS entries to be "supplied" to the clients instead exposing our internal dns servers.

i thought about using the DNS Proxy feature, but i seam to be stucked.

1) when DNS Proxy is enabled

Cannot see an option to select the management interface for HA1 backup link - PAN-OS 10.2.4

I'm trying to configure HA Active/Passive on a pair of PA-5410's running PAN-OS 10.2.4. I'd like to use the dedicated HA1-A port for the primary HA1 link and the management interface for the HA1 backup link but I cannot see an option to select the ma

Palo Alto Migration

Currently, we have 2 3020s in our production network but I am also tasked with setting up two new 3410s to replace the current setup. I have gone through the initial setup and committed the admin password change. I have a current config backed up, I

virtual address active-active

is virtual address mandatory for active-active HA configurations. I do not wish to use virtual address for A-A HA. My ISP does not give enough IPs

Proxy ARP for Private VLAN?

Is there a 'proxy arp' interface command (or equivalent) to allow l3 communication between isolated devices on private VLANs?

I am looking to move our DMZ to a private VLAN. I would like all ports to be isolated, but allow some communication betwee

BackUp Firewalls

Hi Team,

What is the best solution to Backup our firewalls? As we have standalone firewalls we need to make sure we have backup collected and stored. Please let me know the best way. Thanks.

Regards,

Sanjay S

HIP match log not found

In pan-os 9.1.15-h1 , I have configured hip object and also called in hip profile, The Agent submits the hip data to the firewall after that also no log is found in HIP-Match log, then even i had changed and try for hip match OS as windows that too h

X-Forwarded-For on Threats logs

what`s mean below article?

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/policy/identify-users-connected-through-a-proxy-server/use-xff-values-for-ip-based-security-policy-and-logging 

For non-URL Filtering logs, XFF IP logging is sup