Hi, every body!I used Palo Alto - 500 with version 4.0.1On this device, Data plane CPU alway about 6-20%. I want to increase Data plane CPU on Pa-500 (4.0.1)Please help me How to increase CPU up to 70-90% ???Thanks all !!!
I'm trying to use different dns server for FQDN objects in each vsys.My platform is PA5020 v4.0.9., and I can see dns-proxy field in vsys creation window.According to the explanation in '?' help page, it says something about interface.Which interface does it point?What is the difference between interface in dns-proxy config window and this?If so...
I was wondering if there is any way to detect the Rogue/Fake Antivirus Malware that is making its way around the internet?A couple in paticular are Internet Security 2010, Antivirus Live and Advanced Virus Remover.Thanks,D
I am trying to implement a Exchange 2010 setup and the consultant is asking if the PA can handle HairPin routng and if it can front end the certs for the Exchange systems. I haven't a clue and google results were less than clear, so am turning to the forums and hopeing someone else does. Anyone?
I'm converting a Check Point firewall to PAN. they have multiple rules where ping and other user-defined services are participating. Can I create an app with the port of those services so I can have all in one rule? Do you see any problem wit that?
I must be missing a step because I am able to add a FW that has no policies or virtual systems to Panorama, but when I try to add a FW that is already configured with rules and multiple virtual systems, Panorama just says "shared policy status" "Out of Sync" and will not say it is connected. Is there a trick to get Panorama to allow me to add a...
Hi Guys,I am not expert in reading or understanding the Cisco ASA NAT rules and I have just started to feel comfortable with Palo Alto except for NAT rules. Can someone please guide me through on how to go around configuring the following Cisco ASA NAT rule onto the Palo Alto?I have just taken a couple of rules to convert. Based on this, I wou...
hello and hope someone can help,i am brand new to PAN(not to FWs or networking) and I've been trying to get this to work for a week now with no results?i have attached some pics of the user id agent gui and logs.i have read and followed the instructions found in the following docs:" user-id agent initial installation and setup version 4.1","us...
Hi ThereWe have this problem after implementing PA-2020, we are facing the slow ness of our internal web site, before we were using ISA 2006 proxy where we can add exception in the Policy Management put now we could not implement proxy in pan and we remove the ISA according to PAN recommendation
Users are getting "can not display web page" in IE and "connection reset" message when using firefox when opening the browser up and captive portal is attempting to redirect them to the authentication page or the "block-continue" page. Has anyone noticed or seen this happen? I notice it only when the WMI polling fails to correctly identifty the ...
Hi,We're using dynamic URL filtering (ie the "cloud" database") within our URL-filtering profiles. Within PAN-OS 4.1 there is now the option to match on URL category within security policies, but no checkbox there to use the Dynamic Filtering. So, if I try and access a URL thats not in the local database, does the firewall still go and query t...
Hi,I have a problem where the 'User ID Exclude List' setting within the Zone setup on a Palo is not working.I have set my UserID agents to collect events from all IP addresses, then want to filter them on the PA itself as this seems the most logical sequence. I initially only added the objects to the 'Include' list that I wanted to collect ID's...
Our PA-2050 is consistently running at 70-85% on the dataplane CPU despite running at 1/5 of the advertised maximum specs (40-40k sessions and 100-110mbps). I understand that the specs listed are best case scenario and don't expect to get close but I do expect better performance than what I am getting. It could be that our device is just wonky s...
So, we are currently using the user-id agent to monitor our CAS exchange servers. This is working great for identifiying our internal users hitting exchange from the inside. However I would like to begin identifying users that are accessing the CAS servers from the outside. I have tested this with a single IP address range added to the user-ID a...
Hi.Is it possible in PAN OS 4.1 to send traffic between two VSYS when the interfaces are not in the same vr?Thanks
| Subject | Likes |
|---|---|
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes |
