PA-VM HA Clustering architecture

Hi All,

We are working to deploy 4xPA-VM 300 firewalls in our 2 DCs. We would like to have a pair of Active/Passive firewalls in each DC. We would then want these 4 firewalls to be in a cluster as well. 

Our objective is to have complete redundan

How to identify pinned certificates?

Hi,

How can I find out if the site is using pinned certificate so that I can exclude the site from SSL decryption?

EDL and Custom URL

Hi There, 

Problem Statement : We have custom URL lists(To allow Azure Endpoints only), also we have EDL(With Minemeld) integrated. 

As per our Infosec Policy we should not use Minemeld feed for Microsoft as it has some of many wildcard. So desperatel

Slow throughput issue over IPSec VPN tunnel configured between Fortigate 100F and Palo Alto

Hi Team,

Slow throughput issue over IPSec VPN tunnel configured between Fortigate 100F and Palo Alto.

What are the recommendation for the MTU size for the IPsec tunnel in palo alto as default MTU on the interface is 9192.

Regards,

Umesh Kumar

PA220 Slow management on 10.x

Hi. 

So on the 10.1.6 known issues list, it still lists 220's as taking more than an hour to upgrade and has slow management interfaces. However, I don't see that it's mentioned on the known issues nor the addressed issues for 10.2.x. 

Is it still an

Globalprotect clientless portal link persistence using SAML through cloud identity engine.

Hello, 

Just wondering if someone can shed some light on link persistence when redirecting through Palo Alto cloud identity engine.

In our previous config which was Local user authentication based, an automatically generated link which would open a re

Can we input address range directly to security policy source and destination

Hi,

In firewall version 8.1, Can we input address range directly to security policy source and destination?

Thank you.

Palo alto Implementation issue

Dears,

I'm Trying To implement Palo alto based on VMWARE ESXI Machine and i need  to Take in place the Redundancy in Network Design.

The Image has been ttached which I am Trying to reach it with optimum solution Network Toplogy 

What I can do In Palo A

Palo alto Implementation issue

Dears, I'm Trying To implement Palo alto based on VMWARE ESXI Machine and i need  to Take in place the Redundancy in Network Design.

The Image has been ttached which I am Trying to reach it with optimum solution Network Toplogy 

What I can do In Palo A

有外來單位來連我們會出現三項交握失敗

有外來單位來我們單位連線，出現incomplete 不知道有沒有高手遇到過這種情況，再麻煩處理了喔

PA dropping certain MSSQL EXEC statements for no apparent reason

Having a weird issue with a remote client connection to over VPN to multiple internal MSSQL servers. A particular SQL EXEC query packet is getting dropped in the middle of an SQL session. Security ruleset allows the communication under a VPN to TRUST

AD inntegration User ID agent Windows Server 2022

Have integrated Windows server 2022 with NGFW, but some users are not included in the appropriate rule. 

Firewall tries to close a BGP/TCP connection with switch

Hi,

  The following problem involves a firewall (10.249.0.13) wanting to close a BGP connection with its neighboring switch (10.249.0.14).

The switch answers with a BGP NOTIFICATION message that contains 'No supported AFI/SAFI'. (separate issue)