General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

PA-200 CPS vs Actual users

The specifications for the PA-200 show a CPS ( connections per second ) of 1000.

What number is generally agreed upon to calculate how many connections are actually used per user?

I've previously been told 50, which means all of 20 users being active a

...

KatanaNZ by L3 Networker
  • 3695 Views
  • 5 replies
  • 0 Likes

Traffic logging stopped in PA4020

Traffic loging in my P4020 stopped yesterday. No new traffic log events after that.  Command  >debug log-receiver statistics is showing rising amount of Logs discarded (queue full), while Traffic logs written is constant.

Logging statistics
-----------

...

tomkas by L0 Member
  • 2369 Views
  • 1 replies
  • 0 Likes

Panorama CLI questions

Had a couple of questions regarding some CLI commands for Panorama

Panorama version 4.1.0

Devices are a mix of 4.0.4, 4.0.7 and 4.1.0

Is there a way to update licensing information for the firewalls from the Panorama CLI

request batch license info  shows

...

jcostello by L4 Transporter
  • 2512 Views
  • 1 replies
  • 1 Likes

does session drop when changing VR?

I have an HA PAN scenario with single VR, after commiting a change to the default VR name then adding another VR to the system, I have noticed that some sessions droped.

Most of our sessions are opened one time and continue until service restart, if a

...

areda by L0 Member
  • 1674 Views
  • 1 replies
  • 0 Likes

Multiple ISP's for Global Protect Client?

I've been messing with the setup of using multiple ISP's in an office and maintaining the functionaility of an inbound VPN client for both - aka redundancy.

I guess my first question is, can a client have a Global Protect installation that is able to

...

cmaier by L1 Bithead
  • 1867 Views
  • 1 replies
  • 0 Likes

Policy complexity considerations

When creating policies, especially Security and QoS, how much consideration do I have to give to the number of policies?

If we want to get very granular with these policies, will we pay any significant penalty in performance (either in device administ

...

sspivey by L1 Bithead
  • 1733 Views
  • 1 replies
  • 0 Likes

Pan OS 4.1, Destination Nat Problems

Hallo,

I installed a PA500 wit Pan OS 4.1 at customer side and most thing working fine.

I configured the WAN interface as DHCP-Client with default route to this interface. In NAT-Rules i want to publish a internal server to give external sources acces

...

Show unused rules option

The show unused rules is very helpful but as I work at cleaning up rules after migration it would be really handy if I could clear that flag to see if the new rulesets created are handling all of the traffic before disabling the old rulesets. Is ther

...

PA-500 WAN connect directly to ISP

Hello,

We are using an PA-500. We would like to connect the WAN port directly to our ISP.

Normally the ISP requires a Cisco router with the following requirements.

Connectivity requirements:

Ethernet / IEEE 802.3-2005

WAN side 1000Base-T full duplex

100mb

...

check to check "deny" packages

Hi

I have some rules that will allow IPSEC between two Windows Domain Controllers, but it only works when I allow "any" underapplication - unless I ping from both ends.

So how can I see what port I am missing in my custom application group?

Thanks

FlexyZ by L3 Networker
  • 1424 Views
  • 1 replies
  • 0 Likes

User-id is it possible to check computers?

Hello,

One of our clients want to know if it is possible to build policies based on computer membership to AD groups.

In this situation we want to differentiate between computers that belongs to AD and which do not in purpose of VPN connections, so tha

...

Terminal Services User-ID Agent Flaw

A new customer during deployment was wanting to test how well the TS User ID agent was working at identifying users. We logged on as User A and started a specific ping. We search the log file, and there was the ping. We had it running continuous for

...

dpayne by L1 Bithead
  • 2969 Views
  • 4 replies
  • 0 Likes
  • 24088 Posts
  • 101 Subscriptions
This widget could not be displayed.
Top Solution Authors
Top Liked Authors
Labels