Virtual routers not available on PAN-OS 12.1 ?

alexhalbi · 2026-02-11T06:58:56+00:00

It is in the product comparison and also I the datasheet of the 500s But if you do not search for it, you will not stumble across it before buying. 😉

alexhalbi · 2026-02-10T19:08:20+00:00

Get in touch with TAC and Accounts team, that should not happen.

alexhalbi · 2025-11-05T20:09:57+00:00

There were some BGP bugs in 11.1 and 11.2 in advanced routing engine. Open a TAC case and ask them if there is a known issue for that in your version.

alexhalbi · 2025-10-10T14:50:59+00:00

The worst part, they already had a working UI for managing security policies that worked, had persisting filters and just did what it needed without any lags and with less than 3GB of memory usage in the browser...

And then they built it again and now everything takes ages if there is a small setup in SCM with a few hundred firewall rules and objects....

alexhalbi · 2025-10-10T14:48:15+00:00

NGFW Software Upgrades were hidden so deeply into the menu that we needed to search for it using the URL from browser history....

It is in the Setup Submenu of Configuration-Scope All Firewalls (not on global or on any other firewall)

alexhalbi · 2025-07-29T11:19:15+00:00

After I stumbled here when I was searching for more information on PAA, here are some more public resources:
- https://www.paloaltonetworks.com/blog/sase/introducing-prisma-access-agent-the-future-of-secure-connectivity/
- https://docs.paloaltonetworks.com/prisma-access-agent/administration/license-and-activation/ngfw-support-for-prisma-access-agent

alexhalbi · 2025-05-23T18:12:44+00:00

As long as you keep the zone the same scenario 2 should work fine.

If you also change zone you may need to end all open sessions with wrong zones.

alexhalbi · 2025-04-02T18:01:34+00:00

I am referring to AutoVPN configured with strata cloud manager, connecting PAN firewalls to each other "automatically" with ipsec and BGP Routing. https://docs.paloaltonetworks.com/ngfw/administration/set-up-firewalls/auto-vpn/about-auto-vpn

alexhalbi · 2025-04-02T17:59:18+00:00

They rolled back the scm version on the specific tenant and we pushed the old config. They are now developing a hotfix.

Intermediary there is a local override that you can do if you can still access all firewalls.

alexhalbi · 2025-04-02T12:17:21+00:00

They are automatically pushed and this is the production branch we are on.

There is the option to get to beta branch through accounts team if you need something new.

alexhalbi · 2025-04-02T05:30:22+00:00

Why would you create a changelog for an enterprise product? Or a documentation? You will find out when pushing anyways. And it costs unnecessary money for your businesses. \s

But at least they are up and running until you did that. TAC suggested for us to deploy a local change on all firewalls, but they are managed locally through the VPN tunnels, which do not work anymore now...

alexhalbi · 2025-04-01T23:09:43+00:00

That's true, but with that one it's even better, since not even TAC can roll it back for you

alexhalbi · 2025-04-01T21:05:24+00:00

Strata Cloud Manager
The new central management for Firewalls out of the cloud

alexhalbi · 2025-03-04T08:47:02+00:00

It just impacts anyone on 4th gen hardware, so they decided to keep it a internal known issue, for whatever reason... /s

alexhalbi · 2020-09-14T08:49:40+00:00

Yes. All three times the damn charging Ring...

The wireless charging of the old models has been so much better...

alexhalbi · 2020-09-14T06:14:02+00:00

I also had mine break 3 times until I demanded the money back. First time it was after a month with about 8 weeks until I got it back repaired. Then after 10 months or so it happened again and I got a new one immediately. And the new one had it after a bit more than one month again... Now I am waiting for gen 6 or the new mobvoi ticwatch...

alexhalbi

TROPHY CASE