Issue Secondary device in a High Availability Active/Active pair is showing a non-functional status. Resolution Make sure the device IDs on the two devices are not the same. Change the ID on the Primary device to 0 and the secondary device to 1. This is done so the two devices
Issue In an environment with dual HA clusters (active/passive), connected through the same subnet to each each other, the ARP tables for the upstream routers display the same MAC for the different cluster IP addresses. Traffic is not passing through the LAN. Resolution The Group ID is part of the
Issue When trying to remove the IP address from the management interface the following error is received: commit failed * Config commit phase 1 aborted(Module: device) * (pan_dnsproxyd_parse_instance(mgmt-obj) failed * (Module: dnsproxyd) * Commit failed Resolution The management interface of the Palo Alto Networks firewall must have an IP address
Issue: When creating shared policies in Panorama,how are the target devices chosen and policies applied to selective machines? Resolution: The security policy is in the context of the Device Group on Panorma. In the current version of Panorama, target devices can only be selected if they t
This document describes the best practices for using Panorama for central security policy management. Panorama can provide a central repository to create and push security policies to multiple firewalls and virtual systems. This provides better efficiency and allows for larger scale firewall deployments. This also helps ensure a consistent policy
This article is outdated and is replaced by: https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Packet-Capture/ta-p/72069 The purpose of this document is provide background information on PAN-OS Packet Filtering, Capture and Debug Log functionality as well as recommended workflow when using those features in problem diagnostics. The commands covered in this document is applicable to all
Service providers and enterprises that deliver revenue-generating and business critical services over the Internet face a myriad of performance and security challenges. However critical those challenges may be, high availability remains the paramount concern. In order to properly perform access control functions, a network firewall must be placed at the
Two signatures exist for data filtering: Credit Card: the device will look for 16 digit numbers and will run thru a hash algorithm. It must match the hash algorithm before detecting this as a Credit Card number. This method has less false positive. Social Security Number: is detected as any
Overview For max-packet-rate, the unit is kilobytes per second: set deviceconfig setting logging max-packet-rate 250 For max-log-rate, the unit is counts per second: set deviceconfig setting logging max-log-rate 250 The current values can be checked with the show system setting logging command. For example: > show system setting logging Max.
There is explosive growth in global social networking and browser-based file sharing on corporate networks, with a 300 percent increase in active social networking (e.g., posting, applications) compared with activity during the same period in the latter half of 2010, according to research published by Palo Alto Networks.
A new study by network security firm Palo Alto Networks shows "explosive" growth in the use of social networks in the workplace, with a 300 percent increase in social media activity in the latter half of 2011 compared with the same period of 2010.
Overview Saving a config change is basically saving the xml configuration to a file. It doesn't apply the changes into the current config. Commit is basically save and apply the changes. You always need to commit the configuration change to see the effect of the change. If the changes are
Overview To allow Ping and other management traffic, configure an Interface Management Profile and apply it to the interface. Steps Go to Network > Network Profiles > Interface Mgmt Create a profile allowing ping: Go to Network > Interfaces and assign the profile, created above, to the interface under the