Next-Generation Firewall Discussions

Having trouble to create an support account?

I am trying to setup an account to create a case.  I have my serial number/Order number, Since one of these are required in the registration process, I  opend a case [Case#: 02362263] . I do have access to my paloalto unit online in case I can find a

PA-VM HA Failover Procedure

hello dear forum members, 

i have a question regarding 

the cluster configuration. 

wer'e currently

running a PA-VM in cluster (A/P Mode) 

in the organization within an 

azure enviornment, both

are configured with different External

ip address. 

ISP Failover with dual Dynamic Public IPs?

Hello,

I have two ISPs with Dynamic Public IPs.  Is there a way to setup ISP failover?

Thanks,

Bill

v-wire security newbie

we have a v-wire setup where we are controlling traffic to a secondary firewall w our 820. as its sitting between ISP and the site secondary firewall (sonicwall) we created a rule that negates all but some countries we do business with and that negat

Using Captive portal and Azure AD for user network authentication

Is there any documentation available on how to achieve this for general user network access? I assume the network has to be set up with a captive portal, but traffic to identity provider for SAML exchange need to be allowed even before the user gets

Certificate revocation / OCSP not working

I've set up one of our PAs (a 5260 running 10.1.6-h3) to use as a certificate authority and OCSP responder for use with GlobalProtect remote access. I'm able to issue and verify certificates with no problem, but revoking a client certificate has no e

Clientless VPN for SQL Traffic?

I have users at a development partner company who need to access a dev SQL instance. So they need TCP 1433 to one server. I would like to restrict access to their corporate public NAT IP and require that they use AD credentials. But it would be prefe

Bypass the url filtering

Hi everyone

Can bypass the url filtering by changing the URL in HTTP get request ?
For example
Firewall rule deny connect to url deny.com and allow url allow.com
User try to connect to deny.com with IP adress a.b.c.d, user add item the host file or usin

unknown traffic pcaps just stopped happening one day around 2 weeks ago

I have a PA-460 that stopped doing pcaps for unknown traffic about two weeks ago.  I played around with the application dump setting and I think I may have broken something:

Application setting:
Application cache : yes
Supernode : yes
Heuristics : yes

Routing issue on Multi VSys PA Firewall integrated with Cisco ACI

Hello,

We have multi Vsys firewall to handle North-South and East-West traffic, which is integrated with Cisco ACI. The virtual router is configured with static route 0.0.0.0/0, next hope as Cisco ACI.

We are seeing some North-South traffic on Ea

sometimes the policy matched the multicast packets and sometimes it didn’t when each packet had the exact same source/dest IP and source/dest port?

 sometimes the policy matched the multicast packets and sometimes it didn’t when each packet had the exact same source/dest IP and source/dest port?

Some multicast traffic is allowed but other packets are denied. We need to understand why there is