General Topics

GlobalProtect - Client Certificates Deployment

Greetings,

I have used the following article to distribute client certificates for GlobalProtect:

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Issue-Certificates-to-GlobalProtect-Devices/ta-p/53642

My understanding is that with

QoS and interfaces - some conception advice needed

Hello

I will migrate fom PA200 to PA500. I have some local networks (DMZ, Wifi for students, Wifi for stuff, LANs)

I need to use QoS but I need some advice with that.

I know that I can controll only on outgoing interfaces but I have no idea how to get

Mounting Orientation for PA-500 (Vertical - Wall Mount)

Does anyone know if the PA-500 can be mounted using a 19" Rack mall mount bracket?

(Front = Up) (Back = Down).

Using something similar to this?

https://www.startech.com/Server-Management/Racks/2U-19in-Steel-Vertical-Wall-Mount-Equipment-Rack-Bracket~RK2

Ultrasurf again - still getting through, how to block?

Hi, 

Even though the PA firewalls is detecting the traffic is Ultrasurf, the application is still working. 

I've got a security rule to block by application 'Ultrasurf', and we have SSL decryption as well. 

thanks

User-ID causing high CPU

Hello People, 

My client has receently upgraded to 7.1.3 and now the management plane is constantly running 100% on all firewalls. 

This is the following message displayed and filling up the userid.log

2016-07-22 16:43:38.660 +0100 Error: pan_user_id

Looking to Learn Palo Alto

Looking for advice on cheapest way to learn Palo Alto? I am a consultant and dont have any Palo Alto licenses. Is a VM lab license affordable, is there trials or is ebay the best option?

Thanks in advance!

VM-200 can't reach vSwitch from L3 interfaces (vSphere/VMWare)

Hi, I only can reach the mgmt interface. But not the other L3 interfaces, I tried setting those IPs @ the same vSwitch where the mgmt interface resides, but nothing. 

There are 2 Windows VMs (2008/XP) they see each other in any switch I configure the

PA Eval license in Unetlab

Hi

I want to test PA in Unetlab 10.0-12

https://nbctcp.wordpress.com/2015/06/26/bypass-firewall/

But I don't have URL Filter eval license.

QUESTIONS

1. how to get eval license for 2 PA because I also need to test OSPF between 2 PAs

2. with eval license b

PA-200 Cable modem VPN sites needing a power cycle to restore connectivity

I have multiple remote sites that connect back to a main site through PA-200's, using Charter Communications cable modems.  At various times the PA's stop forwarding traffic.  I can no longer reach the PA's and I have setup management on the outside

How to prefer 1 ISP for one application

I got why huge traffic is coming to port 3978.Application is identified as Panorama.
Its hge Gbs of traffic in one session.
The source IP is firewall management Ip and destination is Panorama IP.

But why i need to kill this session means, we have a setu

UserID What's the best practice for configuration crossing multiple firewalls

Hello,

We are starting to deploy UserID based policies across our enterprise.

I'd like to know what is the best practice when dealing with rule policies that cross multiple zones/firewalls that are in different locations?

Does the user portion of the ru

Adding IOCs to URL Filtering

Hi PAN Live Community,

If I add additional IOCs (URLs/Domains/IPs) to our current active URL Filtering Profile, how do I make those new IOCs take affect?

Besides committing the changes to the added IOCs, do I need to re-apply the this profile to the