How do you setup the equivalent of Cisco DHCPD on an Trusted Layer 3 interface

How do you setup the equivalent of Cisco DHCPD on an Trusted Layer 3 interface of a Palo Alto Appliance

We have remote Cisco VPN  sites we are looking at converting to Palo Alto VPN Sites

I need to be able to assign IP addresses to workstations at Remo

Tunnel times

I have a tunnel that is up 8 hours and down 16 hours almost consistently any one have any ideas what would cause that?

Suspicious DNS Query (generic:blonde.crazytall.com)(4100529)

Does anyone have a link to more information regarding this threat ID ?

I have searched PA's support site and the internet, and have had no luck.

Thanks!!

SSL Decryption

Want to enable this feature.. is there a guide I can follow to start configuring and testing?

logdb export very slow then fails

Hi,

I have a PA-500 which is running PAN-OS 5.0.9 and a Panorama server running PAN-OS 5.1. The Panorama is new and I would like to get all the historic traffic logs from the 500 to the Panorama. I have used scp export logdb user@server:logdb to expor

Active/Passive HA Sync Issues

I'm in the process of testing out two PAN-M-100's in the lab and more specifically testing the HA functionality at this point.

The issue that I am running into:

I have changed the Primary to Passive and the Secondary to Active, made a change to the Act

vwire unequal packet/bytes count

Hello!

So, we have a very simple lab topology with virtual-wire and a single "allow all" policy.

I think it is important to note that on the egress interface is a single host that should not be generating any traffic (or minimum traffic). The ingress p

Alternatives to Panorama for log collecting?

Hi.

After a recent failure HD on my normally active firewall, it appears I'm going to lose close on 12 months of logs because Palo Alto has no defined process to get the logs off a failed hard drive (where the log partition is still accessible) onto t

export config through cli

Hey all,

Is there a way to export the (running) config through cli?

Output should be a config file we can IMPORT back into a new device.

- NOT using SCP (we have restrictions on this)

- NOT using the API (php/rest/browse.php/export::configuration) (we on

Allowing access (read only) to docs.google.com/viewer without allowing access to Online Personal Storage categorized sites

We have a situation where a site categorized as "computers and internet" (allowed for all users in our environment) references a pdf located on Google Docs (which is categorized as online personal storage).  An example is docs.google.com/viewer?url=h

PAN as a DNS Forwarder to resolve External DNS Names

I'm looking on how to configure DNS proxy on PAN and found below link that provide great information.

https://live.paloaltonetworks.com/docs/DOC-3637

https://live.paloaltonetworks.com/docs/DOC-3522

https://live.paloaltonetworks.com/docs/DOC-4633

However,