ISP Load balancing with ECMP

I have the Following Scenario on a PA-200

[ISP1]

Zone = Untrust

Eth1/1 = 192.168.7.110/24

Modem GW = 192.168.7.1/24

[ISP2]

Zone= Untrust

Eth1/2 = 192.168.5.110/24

Modem GW = 192.168.5.1/24

[Local LAN]

Zone=Trust

Eth1/3 = 10.1.1.1/24

Running DNS-Proxy and DHCP

How to filter rule by subnet

Hi there,

I'm trying to filter the rules via subnet.  Is this possible ?  I've tried copying (addr in '10.10.10.0/24') from a working log filter search and that doesn't seem to work.  There's no filter builder like the log search box so i can just u

Max number of supported tunnel VPN client to site on PA-200

Hello,

I must configure a simultaneous access VPN client to site for 60 users on the PA-200. But this firewall support only 25 tunnels vpn (datasheet PA-200). It's possible to have an extension of the number of vpn tunnel on the PA-200?

Issue after Internet Upgrade

We recently installed a new 300/300 circuit and MIS router at my workplace.  No IPs have been changed, but since the upgrade we cannot ping internet addresses, and our latency and speed results from speedtest.net are horrific (like 1000+ and less tha

Service settings in a NAT

I ran across this setting this morning- when setting up a NAT rule, you can specify a service or service group. Cool, but is there a reason to do that when a policy is necessary to open a service port?

Error Checking credentials - Gateway Timed out

Hi There,

  I have installed Minemeld on my Ubuntu Server 14.04.. And the service is up and running.. Wheneve I use the default Username and Password to logon to the console, it gives me an error "Error Checking credentials - gateway timed out".. I ha

Management server failed to send phase 1 to client dhcpd

My HA is not in sync because I am getting above error message. 

Are there like basic troublehsooting steps/docs which I can do?

Global protect authentication LDAP not working fine

Hi, we have GlobalProtect configured using a LDAP group for authentication in the VPN "cn=groupvpnusers,ou=_generic_groups,dc=it,dc=xxxx,dc=local"

When we commit this new config using vpn group in Auth profile, the GP authenticacion is working fine b

Discussion on most stable PAN-OS image as of July 2016

I am going through some cleanup of our PAN firewalls. We have 8 sites with active/standby pairs of PAN's. The sites are connected with IPSEC VPN's. The code varies from 6.0.3 to 7.0.4 versions.

What's your feeling on the most stable 7.X code as of no

VPN question

Hey there,

I was curious if anyone successfully used another VPN client on their IOS or Andriod device that works.  I was told that with X-Auth/IP-Sec the Cisco Anyconnect client worked but it appears that the new 4.0 client does not (am I wrong?).