About RyanJohnstone

I have a HA Pair of PAs in Azure, as of yesterday morning, the active PA NVA has lost its secondary IP addresses - it had two and both have disappeared.  So i just have the dynamic one now which only has a private IP.  This is configured via the Azure portal on the untrust NIC.  Anyone come across this before or can guide on how i can find out what has happened?  it has not failed to the passive and the active still shows as active.   i have been told Azure VM backup does not work with the PAs so what is the fix, do i just need to build the IP addressing again.   i am beginning to doubt PA as being the best solution for protecting our Azure workloads....   thanks   Ryan ... View more

Hello,    we are trying to take an Azure back up of the Palo Alto VM but our CSP is reporting an issue with the backup agents on the Palo VM.  The backup Pre checks are failing with a warning that it "cannot communicate with the vm agent for snapshot status vm sub task timed out"   Can anyone guide on where i should look for where this issue may be, we are on release 9.0.7 and vm plugin 1.0.8   Thanks   Ryan ... View more

Hello, is there a way to report suspicious DNS domains to Palo Alto for inclusion on the Palo Alto suspicious DNS query list?  we have a domain which various threat intelligence sources report as suspect/risky but it does not appear in the Palo Alto list.  i know we could set up a custom list but is there a path we an use to report into Palo Alto for addition in the main list?   Thanks   Ryan ... View more

We have a couple of PA3050 devices in situ and are planning to migrate many of our workloads into Azure.  We would like to deploy a VM-300 in Azure and keep costs as low as possible with the ability to flex up/down.  The PAYG model seems the option for this but we have been told this is not available to us as we are using a CSP.  Are there any other options avaialble to make the Palo Alto a viable option for us in Azure?  ideally we would want to go PAYG initially and once the migration completes review incurred costs, if PAYG is looking expensive the we could look to BYOL, if we were to do this could we migrate our 3050 licensing over to the VM-300 in Azure?   Thanks   Ryan ... View more

Hello,   I wanted to use the SSL/TLS profile facility to restrcit management GUI sessions to TLSv1.2 but am having trouble with the certificates/process to follow.  We have an Active/Passive HA Pair, i have been trying to setup on the passive to test but it is not working, from having a look around i susepct this may need to be setup on the Active with just the profile selection defined on the passive.    Can anyone guide please on the correct process and what certificates / profles need to be created where, e.g. do i create the Self Signed Root CA on the Active firewall, generate the certiciates (signed by created root) to be used for both primary and active SSL/TLS profiles on the Active Firewall and then create both SSL/TLS profiles on the Active Firewall.  Then on Actve and Passive Firewalls just select the correct SSL/TLS profile?   Appreciate any guidance.   Thanks   Ryan   ... View more