RFC1006 protocol over TCP

Hi has anyone heard of this protocol, give simple example of how it works AND whether or not it's supported by Palo Alto ? 

IPSec VPN tunnel question, Proxy-ID and peer IP same?

I am creating a static routing IPSec VPN tunnel with a 3rd party.  The 3rd party wishes to NAT their hosts to their peer IP, which means the remote peer IP will be the same as the proxy-ID IP.  How do I support this?

URL Category rule works on some firewalls but not others

We are using a rule to permit traffic for Cisco licensing using URL Categories.  The rule is applied via template, so all of the firewalls get the same rule.  The only variable is the source IP/host.

This rule works on most of the firewalls (all ar

PA-220s randomly crashing

We are having a large number of our PA-220s randomly crashing. No critical system logs are see shortly before the crash, the device just goes down and they are logs of dataplane starting up like 30 minutes later. Our other models are fine, its only t

Need help! Specific subnet cannot access my internal resource

Hi Team,

I just need an advise. 

I have this setup as attached but I have this mystery that's been bugging me for days now. There is only one subnet which cannot access my internal resource.

I ran the filter and global counter and there are speci

Concurrent Policy Installation

Could someone help me from which PAN-OS version can we do Concurrent Policy installation ? 

For example : Admin A and Admin B can push 2 different Access Policy to 2 different Clusters ? 

User-ID mapping without ldap across an enterprise

Hi All,

not having the best day with thinking 

Palo Alto Scenario:

PA FW CLuster in HQ
Panorama Log Collector only in HQ
Standalone PA FW in SiteA
Standalone PA FW in SiteB
Standalone PA FW in SiteC
Standalone PA FW in SiteD

No Panorama mgmt in p

PAN HA with different SFPs

Hi Guys

quick question.. planning a pair of PA 5420's in HA - the plan was for each to have a 40gb QSFP+ module.

however on our secondary core switch we are unable to source a 40gb sfp in time.

So.. as a temp solution, will HA work if we have a 40G

Remove Domain Name from LDAP user mapping IMPOSIBLE =(

Hi

Someone know if there is a way to remove the domain name from the group mapping

The reason why is because i get from external source on palo alto the user id test1 or "test2" or "test3"

Goal is create a policy rule base on the source user that i

Threat Logs not showing specific source IP Address

Hello everyone!

Just have an issue that I can't seem to figure out.

In our threat logs, we are noticing that the source address shows the default gateway address rather than a specified address. We will get a specific address, however more often

Modified XML API for Top Users last 30days

Hi Support,

We want to get top all users for last 30 days  using XML API, how we get it?

This is XML API to get top 10 users (Worked

<type><panorama-trsum><sortby>sessions</sortby><group-by>srcuser</group-by><aggregate-by><member>src</member><me