Qos policy and order of precedence

Hi,

If  a qos profile  class 3  set  limit 10 and no quarantee set . And a qos policy created and it kept on top of the policy list .

Lets say there are other classes  also  set  like below 

qos policy 

1 ) 10.0.100.10   class 3 

2 ) 10.0.101.11  class 2

UserID agent version

Old

Firewall and Panorama - live update design an architecture

I wanted to get a consensus from the community how do you design the firewall architecture to procure updates on the hourly, quarter hourly frequency nessistated by Next Gen firewalls. 

Do you deploy a bastion host which panorama can reach out and ge

Implementing PA-500 Firewall along side of Cisco ASA

Hi there, 

We currently have a Cisco ASA 5512 in place, and we're planinng on implementing a PA-500 for web and app filtering. Has any one in the community ever done this before? If so, I'd greatly appreciate some advice.

Thank you

Global Protect Client Backward Compatibility

Hi,

We have around 500 concurrent SSL clients connecting to our Palo Alto Gateway using Global Protect version 3.0.1.

If I activate the newest version on the Firewall (Version 3.1.3), will the existing clients be unaffected by this activation and con

Proxy id between Palo Alto firewall and Cisco ASA

Hello Experts

PA side there are two subnets: 10.0.1.0/24, 10.0.2.0/24 and Cisco side there are also three subnets 172.16.1.0/24 , 172.16.2.0/24.

On PA firewall, I defined the proxy-id as below:

proxy-id1: local: 10.0.1.0/24 remote: 172.16.1.0/24 

proxy

Blocking Bittorrent

I have setup two rules for blocking bittorrent on a particular zone.  First rule is set to Deny Trust to Untrust using an application filter built with P2P applications.  Second rule is set to Deny Untrust to Trust using the same application filter. 

Please explain the PanDB/Brightcloud's category “not-resolved”？

Hi,Guys: I found the category "Not-resolved" in device GUI(Both Pandb and Brightcloud), I searched it in paloaltonetworks.com and brightcloud.com website, But could not get any description about it. Any guy explain it ? Thanks Victor.Bai

Adding NAT rule order in Panorama cli

Hi all,

I am looking to add around 60+ NAT rules for monitoring over IPsec that requires a policy NAT. I need to have them above another rule in the list for it to work. It is a very messy NAT list that I don't have the freedom to clean up. The NAT e

PA allowing IM (viber,line,zalo) | PA policy process

Hi,

target is to allow im apps but modify categires.

I have created a policy allowing IM and modify most categories as block. 

Policy sample:

Policy is SRC: 192.168.x.x | DST: any | Srv: any | App: IM (viberbased,im,googlebased,ssl) | Url:BLK_CATEG

BL