Google Cloud VPN IKE-SA-INIT packets being dropped

I built a site-to-site VPN between GCP and a PA3250, which is not working. Surely, I'm missing something.

The GCP vpn points to the same interface and IP that other VPNs successfully use on the Palo.

I added a Sec policy to allow the GCP IP and t

Best practices for Dynamic updates

Hi,

Does anyone know what the Best Practices are for dynamic updates?

How to avoid split brain in active passive cluster

Hi,

We've got a installation with active-passive devices in different datacenters. We need to ensure that the primary device is always the active device when there is some problem between datacenters.

We have configured virtual router path monito

ACC Export PDF of application usage lack of colour

Hi all,

I found that when I Export PDF report of ACC application usage,

the report cannot be displayed normally, it will be lack of colour of each application grid like below 

How can I solve it? Is it normal or not? Any document mention this?

LACP load balancing algorithm

Hello Team,

Where I can find information about how traffic balance between physical interfaces in case when LACP used?

Can I choose balancing method in configuration (source/destination, MAC/IP Addr, L4 Ports)?

I found information about traffic distri

Logs showing same Zone for interzone traffic

HI team,

We are try to reach from one zone to another zone in Palo alto firewall. We are able to reach but in the logs something weird we are seeing. the source zone and destination zone is same in the logs for different zone traffic. Is there any clu

Palo alto denying the traffic randamly

A simple rule is created in my firewall, where the traffic is allowed from our servers to the fqdn which is reaiding in internet. Application is as any and in service 443 is allowed.

Sometimes firewall is allowing the traffic , sometimes it is denyin

PA-VM HA Clustering architecture

Hi All,

We are working to deploy 4xPA-VM 300 firewalls in our 2 DCs. We would like to have a pair of Active/Passive firewalls in each DC. We would then want these 4 firewalls to be in a cluster as well. 

Our objective is to have complete redundan

How to identify pinned certificates?

Hi,

How can I find out if the site is using pinned certificate so that I can exclude the site from SSL decryption?

EDL and Custom URL

Hi There, 

Problem Statement : We have custom URL lists(To allow Azure Endpoints only), also we have EDL(With Minemeld) integrated. 

As per our Infosec Policy we should not use Minemeld feed for Microsoft as it has some of many wildcard. So desperatel

Slow throughput issue over IPSec VPN tunnel configured between Fortigate 100F and Palo Alto

Hi Team,

Slow throughput issue over IPSec VPN tunnel configured between Fortigate 100F and Palo Alto.

What are the recommendation for the MTU size for the IPsec tunnel in palo alto as default MTU on the interface is 9192.

Regards,

Umesh Kumar

PA220 Slow management on 10.x

Hi. 

So on the 10.1.6 known issues list, it still lists 220's as taking more than an hour to upgrade and has slow management interfaces. However, I don't see that it's mentioned on the known issues nor the addressed issues for 10.2.x. 

Is it still an

Globalprotect clientless portal link persistence using SAML through cloud identity engine.

Hello, 

Just wondering if someone can shed some light on link persistence when redirecting through Palo Alto cloud identity engine.

In our previous config which was Local user authentication based, an automatically generated link which would open a re

Can we input address range directly to security policy source and destination

Hi,

In firewall version 8.1, Can we input address range directly to security policy source and destination?

Thank you.