General Topics

DMZ Setup

I'm in a position where I need to move a device that is currently inside my network to a DMZ on my Palo 2050. Which puts me in a position where I need to create a DMZ on my Palo. Does PA have a good document for creating a DMZ? I haven't been able to

interface failover on PA500

Since link aggregation (LACP or etherchannel) is only supported on PA4000++ I want to build a simple interface-failover / interface-group setup (like any other enterprise firewall allows even on low-end devices).

group

To do this I would do the followi

ssl-vpn and IPsec tunnel Palo Alto with Check Point

Hello all,

I'm hoping that somebody may be able to answer a few questions I have about the configuration of Palo Alto firewalls please?

I want to set up two differents VPN, one ssl-vpn and one IPsec, i do this because i want to conect to my firewall fr

is it possible to add a CA in PA device?

Hello there.

I have a question related to CA for SSL client.

Customer has a certificate which issued by Trusted Root CA, but this trusted root CA is not contained in an ssl client's browser.

And then, the customer certificate was issued by this CA.

So,

Blocking darknet hits

Is it possible to implement a darknet on PAN OS 4.1?  I have a number of publically addressable subnets that aren't in use and I'd like to block all traffic, for some period of time, from Internet-based hosts who hit those subnets.  I currently have

FQDN address object resolution (multiple IP's)

Hi

Can't seem to find more information besides the Administrator's guide v4.1 on this. I have two questions on this (FQDN address objects):

1) Security policies using a FQDN address object works great. Tested it by blocking access to certain websites.

GP agent without auto starting services

Hello PAN,

Some of our users has a GPAgent on their private computer in case (very rarely) that they suddenly need to be able to connect to the company.

For such users - the automatic starting of the services are *extremly* annoying and disturburbing f

hard disk specification??

Hi all.

I’d like to know hard disk specification of every each PA appliances (include PA 5000 series).

What I want is a below.

  hard disk size

  Number of hard disk

  HDD RAID configuration level

Also let me know, if you have more useful information

Panorama Issues

I'm trying to migrate my devices to Panorama, and am having a few issues.

1) I cannot switch to Brightcloud URL filtering, I get the following message:

Server error : Successfully set URL database to 'brightcloud'.Failed to read 'br

ightcloud' categorie

Application limit when pass FW

Hello every one .

     I try to implement PA-500 on PAN-OS 4.1.6. Then I configure 2 security policies.

    1. security policy for deny bittorrent from both direction (Trust and Untrust zone) .

    2. security policy for allow all traffic both direction

I've messed up my port forwarding

Hi all

I'm a very inexperienced Palo-Alto user - My 2050 arrived last Friday, and I've been tinkering since.

I followed the advice found in https://live.paloaltonetworks.com/message/12754#12754 to setup a port forward, which is working, but a bit too w

Control Maximum and Minimum Internet for a User

Hello,

Can I use a Palo Alto 2020 Firewall to dedicate a minimum and maximum internet usage BW per username or IP address, if so is there any license needed.

Thanks