Cleaning obsolete firewall rules

Hi all,

We have recently migrated from Juniper to Palo Alto firewall and there are numerous firewall rules that are obsolete and potentially a security risk to me. I tried to use "highlight unused rules" button but it does not seem consistent to me. A

Globalprotect msi

Hello

Is there a difference between the Globalprotect msi files you can download from the software support site and the Globalprotect msi files you can download from your own Globalprotect portal ?

The reason why I ask: I'm testing deployment of the GP

App-ID updates break existing rules

Howdy,

How do most of you manage situations where App-ID updates break functioning rules?  This just happened to me: I have Lync 2010 and the internal clients need to connect to the edge server.  I had a rule in place that allowed ms-lync, ssl, and st

My PAN-2020 Network port are not working any idea?

The Status let is in orange, the console port is working but none of the network ports work. Any suggestions?

Cisco VPN Client and PAN NAT

This is an obscure problem.

I've got visitors from another company on our network trying to VPN back to their office with Cisco's VPN client to a Cisco ASA appliance.  They are unable to connect, randomly.  Most of the time, at least one can connect,

GP Portal Config

We need to create multiple GP portals mapped to the same physical interface on the box . We have setup the first one but we can't select that same interface to setup the second portal . How do we setup multiple portals on the same physical interface

How to add the IP address into Address Groups directly

I want to add IP Address into Address Groups directly ; I don't want to add item into Address Groups by Address Name.

Is It the limited of PAN ?

Please help me how or some tricks.

mail/dns/www/ftp server in DMZ - need advice

Hello

I'm preparing to move my server that is mail/dns/www  into DMZ zone. I did some tests and it seems to be working - but as good as I can test...

Do I should use application (dns,smtp,pop3,imap,ftp,web-browsing) or use a services on ports 53,25,110

Global Protect Slow

I've been experiencing the Global Protect Agent to be extremely slow.  Just upgraded to 1.2.6 hoping for some change, well it got even slower.  Connecting via IPSec and I go from my Comcast home connection being 25Mbps down / 10Mbps up with speed tes

PA dont recognise the groups for one user

Hi,

I just upgraded to 5.0.8 and im having a problem with one user. I have a user who is not being assigned to his groups.

This user (explotacio) belongs to 3 groups in the Active directory but Palo Alto cant assign to these groups. I have clear the us

Schedule a reboot

Hi all,

is it possible to schedule a reboot on a PA-200? I like to schedule a reboot on specific time.

The firewall is connected to a DSL modem. Our ISP cuts the connection every 24 hours. The interruption of the connection should not occure during bus