= Notes on PaloAlto firewall =
 * PA is known for its integration with AD and TS, which allows rules based on user identity.

== AD User-ID agent integration ==
 * [[https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClR1CAK]]
 * Verify connections to the AD id-agents:
 {{{
> show user user-id-agent statistics
> show user ts-agent statistics
# State conn:idle or conn:Get IPs
 }}}

== Verify Routing / BGP ==
 * > show routing interface
 * > show routing protocol bgp summary
  * "router id:", "Local AS:",
 * > show routing protocol bgp peer
 * > show routing protocol bgp loc-rib

== Errors / Fixes ==
 * Alert high:
 {{{
Commit on local device with running configuration not synchronized; synchronize manually
 }}}
  * Use "Config Audit" under [Device] > "Config Audit"
  * Info [[https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/reference-ha-synchronization/what-settings-dont-sync-in-activepassive-ha|Pan-OS 9.1]]