General Topics

Assistance with 100Gb load testing on a PA-5450

We have a spirent connected directly to a PA-5450 to do load testing on the 100Gb ports.  The PA5400 has two NC cards (Slot 1 & 2) and then 4 DPC cards (slot 3-6).  The docs show that NC1 is logically mapped to DPC3, and NC2 is mapped to DPC4.  But t

When should I use "enforce symmetric return" in the PBF rules?

What is the purpose of this setting? Doesn't all traffic go out the same route as it came in, anyway?

What Cisco SFPs are compatible with PA QSFP28-CWDM4 100Gb SFPs?

Client is testing 100Gb throughputs on a pair of PA-5450s.  We added the PA supplied QSFP28-CWDM4 (Finisar) transceiver into the Cisco switch and the Cisco logs revealed the transceiver is incompatible.  But, in order to do 100Gb on the PA it is requ

AI ​​Access feature 11.2.2-h1

PA-5450

I need to enable the AI ​​Access feature, then the PAN OS requirement must be PANOS version 11.2.2-h1. Currently PAN OS uses 10.2.9-h1, then I checked in portal Preferred it is still 11.1.6-h3. Please confirm to Palo Alto best practice, whi

PAN-OS ISO File download blocked

Hi Everyone,

I am unable to see on my Palo Alto Firewall PAN-OS 11.1.4-h13 on Monitor Data Filtering or Unifed when I was downloading an iso which file extension in the iso file is blocked.

Nothing shows up as blocked and the browser stops the down

What is still missing or needs to be improved in PA Next Generation Firewalls ?

Hi, will like to understand the oppinion from the PAN community about the features that are still missing or needs to be improved.

Will appreciate if you can specify by functionality like :

FIREWALL

Must Have : A,B,C

Nice to Have : D,E,F

Thks

Mario

Local authentication should not work if when radius is available

We're configuring authentication and we have a requirement that Local authentication should not work if when radius is available.

Team - is that supported of Palo Alto Firewalls? Let me know if that is possible or any documents would help us.

Tha

building a lab with PA-440 or VMs

Hello everyone,

I have some knowledge about PaloAlto NGFW but now I intend to focus and get some certifications. For that I bought a PA-440 which runs 11.2.5 and I intend to buy a second one which doesn't have an active license and running 10.2.3-h

UDP Relay support on PANOS 11.1

Hello Experts,

Is UDP broadcast relay (not DHCP) supported by PANOS 11.1?

There is a requirement to relay these UDP traffic:

ip forward-protocol nd
ip forward-protocol udp 10001

Upgrade DCs to W2019 stop working Palo Alto agentless

Hi,

We upgraded all ours DCs to W2019server and now the Palo Alto can not monitor the users. We use Agentless UserID.

So how can we fix it? 

Is there a limit to the number of objects within a dynamic address group?

I'm working on doing some clean up, and I want to take advantage of dynamic address groups. I have 943 address objects tagged and one dynamic group. 

When I monitor the logs, I see some traffic bypassing my rule and going to rules below. I checked the

Software version 11.1.5 gone?

Now I can not download software version 11.1.5 or 11.1.5-h1 now. what's happen?

GRE tunnel issue with packet size

Hello,

I am migrating old ASA to Palo Alto PA-440, one of the things i am trying to migrate is IPsec tunnel, that Ipsec tunnel carries only two remote hosts which are sources and destination for GRE endpoint on Cisco Switches. When i try to migrated

Install Device Certificate for LogCollector CLI

Hello everyone,

I upgraded a Pan log collector to Software version 9.1.11 . Recently I receive the event "No valid device certificate found" . So I need to generate OTP certificate and install it . This can be done easily through GUI. However, with Lo