About FWPalolearner

Hello    I have panorama 9.0.4 and palo alto fw 8.1.7   we are not using templates   I have to create 6 zone and subinterfaces . So do i need to create them locally on the firewall ?   Will it get sync to panorama automatically ? or do i have to do something to sync with Panorama ?   or do i have to load the device to panorama and change the context to the active FW and then do the changes ?   Please suggest how to make zone and subinterfaces   Next to this , the zone which we have to  make are already part of another firewall - so can we create same name of zones on two different firewalls ?  but both are managed through Panorama ... View more

Hello ,   We have integrated already the AD ( 3 Servers for redundancy) The User id we are using is the default one which is on the PA FW   The domain is  abc.nl  . The setup is working .   Now we are building an entirely new domain called abc.es .   migration may take time   There is no trust and the forest is different .     So is it possible to have two different domain from two different forest . ?   What is the recommendation ?   and is it possible to have user id agent for this new domain on PA or we have to install it on AD server ?   From my view it is more complex to have both but the catch here is that domain abc is same so i need to know what are the limitations of using two different domain   one is to have to add it in each policy where old one is being used ? ... View more

Hi All ,   I have an issue   Is there a way to use Global Protect to  enforce web or URL  filtering policies when users are not on the corporate LAN ?  for now, when users work remotely , they bypass all web and  URL filtering and security policies and download whatever threats they want.    Regards   ... View more

Hello ;   One of our customer is having a requirement to change the host name of Panorama ( Standalone)   The firewalls are integrated using the IP address of Panorama .   Will there be any impact or what are the steps to be performed to change the hostname of Panorama? ... View more

Hello ,   we have got one issue .   While we dial from webex internal to outside webex number  :  sometimes the webex connection created ; sometimes black screen and sometimes no connection created.   Got below error on webex   The far end system does not support the requested channel type .   The security policy is   10.1.1.1  to any  any port    The NAT is Hide NAT ( dynamic IP and port)    The logs says that it is seeing APP id h.225, h.245 , rtp-base ,rsvp  Some logs shows tcp reset from server ,   At times ; while running show session id XXX commands ; i dont see NAT is happening    DO I  need to change NAT to static Bidirectional or do i have to use application override  for ports 1024-65535?  ... View more

Hi ;  One of our customer is Migrating all the vlans which are currently on PA 3020 ( Acting as L3)  to another firewall in their DC PA 3060 . There are around 15 vlans which are directly connected networks on PA 3020 . So we will be extending those vlans to DC and make the subinterfaces on DC PA 3060 / Shut down the subinterfaces on PA 3020 and make them up in 3060 .    Both these firewalls are managed through Panorama . Both are in different device groups .   Is it recommened to migrate the policy from one DG to another ?? Because in what order they will be copied ? will they be copied all on the top or at the bottom ; or shall we go to add the security policies manually ?? ... View more