Situation: Deployed two Palo Alto VM firewalls in Azure in a 'Transit VNet' following the Palo Alto Networks design, https://www.paloaltonetworks.com/resources/reference-architectures/azure. When you peer a VNet to the Transit VNet, the remote VNet’s...
Hello, We are trying to set up a new deployment in AWS consisting of two firewalls managed by a Panorama server. For starters, we deployed one firewall and one Panorama instance. They are in the same VPC, different subnets. Security groups currently ...
I am not sure why am I getting this IKEv2 IKE SA negotiation is failed as responder, non-rekey. Failed SA error when my custome is trying to send traffic to my VM-100 via IPSEC tunnel. This was working until yesterday but suddenly it stopped working ...
when we are trying to do policy push from Panoroma to firewalls it is getting failed and firewall is seen in out of sync state
Hi PLM and Experts We have any plan to support VM HA (HAVIP) on Alibaba Cloud. I have a customer plans to deploy VMs in Alibaba Cloud ,but because we don't support VIP (HA high availability) due to reliability and redundancy, which makes it impossibl...
Hello, I installed PA-VM8.1.0-KVM-8.1.0.qcow2 in my GNS3 lab and the username/password admin/admin is not working. Is there another username/password I can try? I also loaded PA-VM8.1.0-KVM-8.0.0.qcow2 and PA-VM7.1.0-KVM-8.1.0.qcow2 and the username/...
We have user and computer certificates as an option so we can use pre-login. It works great, but our computers have multiple user and multiple computer certificates which causes GlobalProtect to pop-up after login asking to select one. The user has t...
Hi Members, I have a setup in GCP cloud wherein I have to deploy set of vm series palo firewalls between load balancer and real servers.The problem is I need to know the exact IP address of the client whereas if you see in firewall logs, you will get...
Hi AllHas anyone else had a play with the GWLB on AWS?I know it must be PAN-OS 10.0.2 or higher to work,I have tested with multiple instances, As a bump in the wire it works fine. until you apply NAT, then it doesn't work at all for any traffic that ...
Hello Community, we´ve configured GP to authenticate via SAML to our Azure AD service so that we can use MFA on GP.GP is only used by IT employees with their "admin" accounts.So far, it seems to work fine how its configured. The only problem we are f...
Hello everyone, I am new to the Palo Azure environment. I have everything set up with 4 Palo VM instances between an external and internal load balancer. I am having an issue with NAT where traffic from the outside will not route to my internal VNETs...
Hello everybody, I'm having a weird issue with VPNs between a Palo Alto Cloud Firewall (PanOS9.1.3h) and Cisco Meraki Z3.All VPN Tunnels are established propely, but after a random period of time during the rekey step, a tunnel stays online, but netw...
Hello, Hope I get some direction/solution here. VM (10.9.8.4) can ping trusted interface (10.8.130.4) of PA but with packet loss!!! However, tracert 8.8.8.8 does not show the trusted interface as next hop....request timed out. Cannot go to the Intern...
Hi Guys, I am working on inbound (from the internet) flow on the VM-series untrust interface directly. Set up -VM-series FW - 3 interface -- Mgmt , Untrust , Trust Client -> Internet GW -> EIP -> Firewall untrust interface - eth1/1 - > (SNAT - eth1/2...
Hi there, We have deployed PA-VM in Azure and there are other 4 VMs within the same vnet. There are NSGs on each interface of PA (mgmt, trusted, untrusted) and also on the VMs. There is allowed-all rule in the PA with intrazone default rule logging e...
on:
Incomplete error
