Any chance of having automatic config backup option on the firewall (not Panorama) in the future

Heylo.. any chance of having the PAN firewall (not Panorama) do automatic backup of configurations as per time/date settings?

I am now having customers asking me if PAN have this somewhere down the line being implemented on the firewall.

Cheers..

Kalyan

GlobalProtect Portal has a problem with DHCP Ext interface

I'm hoping that someone from PAN Support or Development can answer this question.  I have been fighting with this for weeks now and have narrow the problem down to the GP Portal service.

Scenario

I have a PA-200 in my lab with two Layer3 interfaces def

Best way to block private ip's but make exception for 1 network.

I just upgraded from 4.0.7 to 4.1.6. Since this upgrade our monitoring server in the LAN 10.x.x.x/24 can not browse to our web servers in the DMZ 192.168.X.X/24. It shows up as, action  blocked-url, with Category of private-ip-addresses. I have priva

Need help with Enterasys NAC/NMS and PaloAlto UserID

I am trying to make the Enterasys/PaloAlto integration from this doc work:

Running 4.1.6 code on the PA-4020 and the associated UserID agent on a single server.  I followed the directions exactly but see no evidence info is making it to the UserID age

ARP Cache Limit on PA-500

Hi PAN,

When is that the PA-500 will have an ARP cache limit of 1000?  I was promised during the launch of version 4.1 that the ARP cache limit had been increased to 1000 from 500 just to realise that it never happened. 

I am desperately waiting for s

Traffic log database exceeds alarm threshold

Hello,

This is not very clear on Palo box, since months we have issue that every
week we have alarm indicating that the log was exceeded 80 of the quota, in
fact we want to log all traffics and don’t want to disable logging on some
rules, I monitored dur

GlobalProtect Portal does not respond on DHCP addressed interface

I have don't extensive testing and discovered that if a GlobalProtect Portal interface is addressed via DHCP it does not respond to HTTPS requests. It only responds if the Portal interface has a Static IP Address.

Can someone please help with why?

Public IP's and DMZ

I am currently setting up a DMZ using a class C address range provided by my ISP. So far I have an untagged interface built connected to a switch and a VR built.

Example:

I have the subnet 10.10.10.0/24

I set interface G1/2 with address 10.10.10.1/24

I

Is it possible to transfer the username from an authenticated user on a squid to the log in the PA ?

Hello,

I have a squid proxy in the internal network, which does the user authentication against the active directory.

Now I would like to see the username in the logfiles of the PA firewall.

I do not want to use the username for authentication on the PA

Ethernet link speeds

I am curious what the recommended link speed settings for the various ports. The external port has to be hard speedcoded to 100/full as that is required by the ISP.  The internal connection is to a gig core switch at auto detect (1000/full).

Should th

Site to site VPN terminating in DMZ possible?

Is it possible to setup a site to site VPN and have it terminate on the DMZ interface rather than the WAN interface? We have numerous remote locations that are running small sonicwall firewalls and connecting back to our corporate site. They currentl