How to check the utilization of current firewall (eg. sessions, throughput, etc)

Hello,

we have plan to upgrade our current PA-3020 firewall to new PA firewall.

I would like to know how to check the overall utilization of currently firewall in order to determine the size of new firewall. (eg. the usage of sessions, throughput, tota

How to remove VSYS from Panorama

Hi,

Does anyone have a KB or similar to follow step by step?

Regards

DHCP-DNS server integration posisble on a PA-500?

Hi,

Is it possible to configure a DHCP server running on the PA-500 to automatically update the records in a DNS server that is separate from the PA-500?

Ideally, I would like to have the DHCP server dynamically update DNS records with the DHCP c

sip port 5060 same in source port and destination port

Facing issues regarding traffic flow on PA.

Cannot see traffic on PA when the SRC port is 5060 and the DST port is also 5060 and application SIP.

Have a rule which permits all the traffic from the source to the destination with all the ports allowed (

Question about NAT

How can you use dynamic source translation with dynamic source address.

This is my scenario. 

Site one Public NAT 1.1.1.1 source address 192.168.2.1

Site two Public NAT 2.2.2.2 source address 192.168.3.1 

If I want to combine this rule into one Nat ru

How to check VLAN untagged on ae interface and physical interface with L3 subinterface

Hello all,

We would like to proceed with the connection between Cisco ACI and Paloalto firewall regarding this server configuration change.
 
Is there a difference in how to check the VLAN untagged of the Ae interface with L3 subinterface and the physic

No data in Custom reports

Hello,

I'm using verson 8.1.7 (upgradede last week) in Panorama and firewalls 7050.

I have defined custom reports added to report groups nad this report groups defined in Email scheduler to send it every Monday.

If I do "Run now" in the custom report a

how does two or more snmp communities?

Two snmp community values need to be set, but only one community value is included.

Can I put only one community in the SNMP Community String?

If anyone knows, please share the contents.

ipsec phase 1 time out

Hi,Bro

Is there anyway to make ipsec phase 1 keepalive  and not depending on interest traffic ?

Device Telemetry Upload failed reason Server not reachable.

Hi,

In our firewall the device telemetry upload is getting failed, the reason showing is server not reachable. 

But there is no traffic logs for the application "paloalto-device-telemetry". But the dynamic updates are working fine, 

The model : PA-85

Traffic logging issue from firewall to Panorama

Log-collector status show as active and connected. Checked the logging status and based on the time stamp, observed that log creating and log forwarding are stopped. So panorama is not showing a logs for pair of PA-850 firewalls.

We have tried restar

Global protect gateway disconnect

hello Everyone, 

I am having client who is trying to connect the laptop from office system. VPN is on the laptop, and he can see the file and stuff , but when he is accessing through remote desktop connection to laptop. when it login , Screen lock it

Honey pot recommendation for DNS sink holing

Dear all,

we are seeing many DNS alerts for spyware, but we don't have any DNS logs.

Also, internal hosts can't resolve external FQDNs, so probably most of the requests are coming from the proxy.

So we are thinking about setting up DNS sink holing with