General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Number of supported Global Protect clients per box ?

In all the specifications sheets there is a different number listed for the concurrent SSLVPN and IPSECVPN supported clients.

eg. on a 5020

  • 2,000 IPSec VPN tunnels/tunnel interfaces
  • 5,000 SSL VPN Users

I find these number very confusing :

Globalprotect

...

Resolved! Threat Prevention Throughput

Hi,

Just want to know if there is a way to see how much threat prevention throughput is consuming? The command I use to check for the current throughput is show systems statistics sessions but I believe this is for the firewall throughput. Please corr

...

Blocking jar and class files. What about *.pack.gz?

To mitigate the threat of the non stop java exploits Ive started to block jar file and class files. Now in the data filter logs i spot *.jar.pack.gz files. Im wondering about a few things

  1. Is blocking jar and class files a good mitigation against brows
...

choff123 by L3 Networker
  • 3252 Views
  • 3 replies
  • 0 Likes

Resolved! flow_inter_cpu_nat_mismatch

Hi All,

   Noticed this Global Counter incrementing on our 5060 platforms ( running 4.1.x code ). When messing with the command "set session processing-cpu" and pointing all new sessions to a single CPU the counter stop incrementing (makes sense, no i

...

dpenhall by L2 Linker
  • 1646 Views
  • 1 replies
  • 0 Likes

Shared Application Groups in Panorama Version 5

In Panorama Version 5 it can be configured that address and service objects are only applied to firewalls which actually need these objects because they are used in the policy. Unused objects are not pushed to the firewall. However we found out this

...

Anon1 by L4 Transporter
  • 1589 Views
  • 1 replies
  • 0 Likes

GlobalProtect Vsys issue

Hello

I want to configure GlobalProtect Remote Access to limit the connection to a Vsys from external administration users to just the ones that uses VPN.

I have tried on a PA-200 and works but There's an error when I configure the same settings on PA-

...

Resolved! Routing Daemon

Hi All. Could you please let me know the routing daemon used in Palo Alto firewalls.

Thanks in advance.

Hari.R

Resolved! DHCP - Getting info on allocated IPs

We have our PA-500 setup on our company's public network.  This network is used by employee's personal machines and clients machines when they come into our office.

We have run into a few situations that we can see someone is most likely infected as t

...

smithp by L0 Member
  • 1802 Views
  • 1 replies
  • 0 Likes

Need another BGP instance on Virtual Router

So I need another BGP instance on a virtual router of mine... but ive read that its not possible


Admin Guide

The firewall provides a complete BGP implementation that includes the following features:

Specification of one BGP routing instance per virtual

...

choff123 by L3 Networker
  • 3035 Views
  • 2 replies
  • 0 Likes

Resolved! PanOS 5.0 on-device User-ID agent

Hi,

I have installed a PA200 with PanOS 5.0.2 and on-device User-ID agent. I have connected my device on a network with a DC Windows 2008R2 and I have configured User Mapping and Group Mapping Settings as explained in the Getting_Started_Guide_PanOS 5

...

lauro7 by L0 Member
  • 2260 Views
  • 2 replies
  • 0 Likes

Resolved! Problem with interzone U turn NAT

Hello,

I followed the instructions in the paloalto "understanding NAT-4.1RevC" pdf for implementing U turn NAT.

It works when I try to access a server in the DMZ from the trusted zone via it's public untrusted IP.

I have now a web server which somehow t

...

Resolved! Physical connectivity validation on passive device

Hello,

We use vsys on our PaloAlto cluster. During a new vsys deployment, I would like to validate that the passive device's physical connectivity to a switch is working.

But I don't wish to launch a failover just for this, because it could impact the

...

Duplem by L2 Linker
  • 3393 Views
  • 2 replies
  • 0 Likes

Resolved! GP agent takes 30 seconds to connect

Hello

We are currently testing the GlobalProtect VPN client. One issue that bothers us is that the GP agent takes more than 30 seconds to connect to the gateway. Is that really the time it takes to establish a tunnel? Our earlier PPTP solution took 1-

...

oschuler by L4 Transporter
  • 3653 Views
  • 4 replies
  • 0 Likes
  • 24130 Posts
  • 102 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels