GlobalProtect behind an Internet Load Balancer

Dear all,

I've implemented globalprotect behind an PPPoE Internet modem successfully. But now, for redundancy, I need to implement 1 more PPPoE Internet line, so the topology becomes PAN globalprotect behind an Internet Load Balancer with 2 Internet l

BGP to PEER Issues

After doing an IOS upgrade on one of our router SDP's, we are now experiencing issues with BGP between the firewall and the router.

We will see BGP drop on the router, yet the firewall will still show BGP as established.

In the Router logs, we are see

debug uid group mapping

hey

is there any document describing how to debug agentless group mapping process?

string has more than 255 characters

Hello,

I need to block web link which has more than 255 characters (see bellow). Could you please advice me how to do it?

https://www.tripadvisor.com/UserReviewEdit-g274935-d4039363-a_placetype.10023-e__2F__Hotel__5F__Review__2D__g274935__2D__d4039363_

Monitoring Attacks in real time

Hi,

I'm wondering if there is another way instead monitor tab to monitor attacks in real time.

Does anyone else thinking about it?

Leonardo Dias

How to disable DHCP logging?

Hello

I have to limit information in system log becase at the moment I have logs from last 7h only!

The most chatty is a DHCP server for my WiFi. I didn't see any option in GUI to disable logging, so is there any other option to it?

Can I filter informa

Custom vulnerability signature based on X-Forwarded-For values

Hi,

We are using a PA-3020 and in a need to set up some additional custom rules which will ignore false positives coming from legit external scanner to our webservers. The web traffic is hitting the load balancer so all traffic is showing as sourced t

SSL Decryption and Cisco Jabber client

We currently use Cisco Webex for desktop sharing, video conferencing and IM. Our environment has mostly people using the old Webex connect client and a few 'pilot' users of the Cisco Jabber client.

Recently we implemented SSL Decryption and everything

Howto track a Public IP outside to failover in case of lose of connection ?

Hi,

I have a cluster of PaloAlto 3050, I want to monitor a Public IP (by example Google.com) and in case of the PaloAlto lose the connection I want to failover to the second PaloAlto.

I already monitor the Interface, but if the Interface is UP, but the

Proxy ID's question

Can someone clarify Proxy ID's for me? From what I see they're the same thing as encryption domains? What is the syntax, does it have to be one to one: ie SIP 1.1.1.1 DIP 2.2.2.2

Bulk Apply Profiles

Hi All,

Is there any way to easily bulk-apply a threat prevention profile to a large list of Security Policies?  Maybe through the CLI?  We have about 600 security policies that do not have threat prevention turned on.  I'd like to do so, and have the

ACC factor Reduce level

Hello All,

is there anyway to reduce the ACC risk factor value?

Regards,

Maher

Problem with incomplete application

Hi all,

I have the same problem with incomplete application.

!Public zone! <====> PAN Firewall <====> INSIDE Firewall <-----> Server IP.

I have nated Server IP to Public ip, and configure rule like the below.

Name: (Ping) ; Src zone: (public); Src: (any)