System health indicators, what systems should be monitored on the firewall to determine the overall health of the firewall?

What would be the best way to determine the current overall health of a firewall? What system indicators should be constantly checked?

Thanks

Interface mgmt services (ping,ssh,https,etc..) have no response in WAN2 if the default route is WAN1

:Hi, all,

Suppose I have a following simple network architecture :

- WAN1 : 1.1.1.1/24 (GW: 1.1.1.254)

- WAN2 : 2.2.2.2/24 (GW: 2.2.2.254)

- Default Route : 1.1.1.254

In WAN1, all the interface mgmt services are workable, I can connect it from a internet

what is error: profile compiler : genara dlp parsing error? while doing commit.

Hi All,

what is error: profile compiler : genara dlp parsing error? while doing commit.

Thank you,

Gururaj

PBF route distributed over dynamic routing protocol

Hello.

Is the above possible? Can a PBF route be further distributed over a dynamic routing protocol like OSPF?

Best regards,

Simon

How to create a rule for allowing access to Gmail with Outlook?

How to create a rule for allowing access to Gmail with Outlook?

generic:beerwineandcupcakes

Upgraded to PAN OS 5.0 last weekend, got home from the Ignite Conference and was looking through the Threat Logs and I see a bunch of entries for spyware based on DNS signatures (new feature in PAN OS 5.0).  Is there anyway to find out more informati

strange connection from PA - help me please

Hello

Today I recognised that one of my security policy droppping trafiic from IP 192.168.1.1 adddress from one of my subinterfaces to IP adersses to port 135 from other subnets.

I'm using CaptivePortal but not in that zone where is 192.168.1.1, I'm us

User showing in logs, but do not show up when creating security policies

Palo Nation,

I am trying to create a security policy based on a specific user, but when i get to the user tab nothing shows up.  I check the CLI to make sure I was getting the user-ip-mappings ( show user user-ip-mapping all).   When i get to the sec

Problem with Captive portal :

Dears,

I'm using PA-500 with 5.0.11 OS.

I would like to get help for the captive portal, HTTPS traffic isn't being interrupted while HTTP is working fine and redirecting traffic for authorization.

Please help me.

Regards,

Umair.

tftp being blocked on internal network

I am trying to use tftp to backup my cisco catalyst 3500 xl switches and it show that the PA 3020 is blocking by tftp traffice when it hits the clean up rule. Is there an easy way to allow tftp?

Policy report for PCI

For PCI compliance, I need to submit poof of our firewall policy (we use a PA3020).  Is there a standard report that I can run that summarizes our Policies, or is there a way to export the policies to a PDF or spreadsheet?  On our old ASA I could sim

Windows Radius Server (NPS) / User ID discovery through PA Agent

I'm trying to figure out a way for the PA to discover usernames / IPs for wireless clients (could be Iphones / Andriod) authenticating via a Windows 2008 R2 Radius server. Clients are authenticating through dot1x (wpa2 enterprise). Auth and everythin

Issues upgrading pa200 from version 4.1.6 to 5.0.10

I downloaded OS file version 5.0.10 and when I tried to install it, I get the following error message:

• Failed to install 5.0.0 with the following errors. SW version is 5.0.0 Error: Upgrading from 4.1.6 to 5.0.10 requires a content version of 320 or g