General Topics

Resolved! Is there a way to configure PA 5220 as L3/4 or L7 load-balancer?

Hi,

We have two PA 5220 and we are wondering if there is a method to utilize them as load-balancers in addition to their main use as firewalls? Is it doable? If yes, do you recommend such use case for production environment?

The goal is to load

...

After Upgrade to 10.1.5-h2 the Email delivery takes a very long time with attachment.

PA-5220, After PANOS Upgrade to 10.1.5-h2 the email delivery takes a very long time with attachment.

Resolved! HA Link Monitoring.

Is there any pre-requisite to keep the interface speed and duplex to auto , auto if we are using them in HA Link Monitoring?

During our HA Test our PA interfaces are kept in duplex auto , speed 1000 setting , we have shutdown the switch interface , P

...

Sign On Error

I'm getting this error when trying to file a case in the support portal.

"Unable to provide subject and attribute info. Attribute mapping(s) failed: Mapping lookup 'getCustPortalUserfromCsp' returned empty result.

You do not have access to this resourc

...

How to find throughput for a palo alto firewall

CLI: create admin role

Hi,

I'm struggling a bit to find an efficient way to create an admin role using the cli.

Let's say I want to create an admin role and grant it all rights that can be found in the "Web UI" tab when using the web interface.

Is there a command that basic

...

High Availability - Active goes down due to non-functional

Hello all,

Last Sunday (6/26) at 5:37:27 PM, a failover occurred due to an Ethernet 1/22 interface down on the customer's Active Firewall.

I have looked around the log to analyze the cause, but the CPU was not high and I couldn't find the cause.

The f

...

스크린샷 2022-06-27 오전 10.46.00.png

스크린샷 2022-06-27 오전 10.41.40.png

Incoming Email Not Flowing

Having an issue with my deployment. Incoming email is not flowing when deploying the PA. The cloud spam filter will not connect to the spam appliance (in DMZ) I can connect to the spam appliance with the external IP address so I believe NAT is not th

...

Screen Shot 2022-07-17 at 1.15.31 PM.png

Screen Shot 2022-07-17 at 1.11.28 PM.png

Resolved! Aged Out in allowed traffic logs

Hi All,

I have a doubt regarding aged-out feature in palo alto firewall.

We are getting logs with allowed traffic towards different ports like port 23, 1433 etc.

The device action is allow and in reason aged-out.

I want to know that whether the traffic

...

Resolved! What kind of files will reside in each partition in palo alto fw

I would like to know what kind of files will reside in below partitions in palo alto FW

/

/opt/pancfg

/opt/panrepo

/dev/shm

/cgroup

/opt/panlogs

SDWAN Zone Mapping

Trying to make sure I understand this correctly. For each zone to used within the SDWAN they must be mapped to the pre-defined SDWAN zones. For the following example would this be the correct method of mapping:

Pre-SDWAN zones (same zones at all si

...

Resolved! Can there be fallback authentication for GlobalProtect?

I ran into a scenario that rendered me useless remotely, and I'm wondering if I can configure secondary authentication for GlobalProtect...

I used GP to VPN in remotely. My GP is set up to authenticate through Active Directory, and it works fine. I

...

GlobalProtect agent download from direct URL

Hi everyone,

Do you know if it's possible to block the download of the globalprotect agent via the direct URL ?

The goal here is to force users to authenticate in the portal web page to be able to download the agent.

Ex. for the 64bit agent :

https://

...

can we allow sign in to webex only using defined company account ?

I have followed below article and tried to configure http header insertion in URL filtering profile , but still able to login using other company account.

https://help.webex.com/en-us/m0jby2/Configure-a-List-of-Allowed-Domains-to-Access-Webex-While-o

...

Resolved! Aged Out Traffic

Hi All,

Please help me on this.

If I am doing telnet from one server then telnet is working fine but in firewall I can see the traffic is aged out.
I need to know if any traffic is getting aged out, then it should not allow the traffic but how the tra

...

Discussions

Resolved! Is there a way to configure PA 5220 as L3/4 or L7 load-balancer?

After Upgrade to 10.1.5-h2 the Email delivery takes a very long time with attachment.

Resolved! HA Link Monitoring.

Sign On Error

How to find throughput for a palo alto firewall

CLI: create admin role

High Availability - Active goes down due to non-functional

Incoming Email Not Flowing

Resolved! Aged Out in allowed traffic logs

Resolved! What kind of files will reside in each partition in palo alto fw

SDWAN Zone Mapping

Resolved! Can there be fallback authentication for GlobalProtect?

GlobalProtect agent download from direct URL

can we allow sign in to webex only using defined company account ?

Resolved! Aged Out Traffic

HA4 firewalls

B2B VPN IKEv2 Fail with Amazon Private Cloud Peer

Help understanding Asymmetric Path issue

Can't import a certificate via XML API using C#

Unable to download new version

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

CVE-2024-3400 IOC's

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Failed to update content package

Re: Solution for "SSL decryption bypass for Anydesk"

Unlock your full community experience!

Resolved! Is there a way to configure PA 5220 as L3/4 or L7 load-balancer?

Resolved! HA Link Monitoring.

Resolved! Aged Out in allowed traffic logs

Resolved! What kind of files will reside in each partition in palo alto fw

Resolved! Can there be fallback authentication for GlobalProtect?

Resolved! Aged Out Traffic