tracking bursty traffic with the firewall

Dear community!

I´m seeing in the interfaces the "rcv_fifo_overrun" counter increasing quite a lot and I´d like to find out what´s the root cause. Is there a reliable way to verify in the firewall if the reason of this counter to increase is some bur

Palo Alto Management Interface Inbound Discards

Starting in either PAN-OS 8.1.x or 9.0.x we have noticed that SNMP is reporting inbound discards on all of our Palo Alto management interfaces in our monitoring solutions.  It seems to be be specific only to the management interface as other physical

GCP Miner

Has anyone found a list/feed for GCP that actually contains zone information?  Has anyone created a miner with such feed?

procedure to clear logs of M200 disk-pair

M200 is in HA with local log collector configured on both panorama and log redundancy enabled. We want to disable redundancy to gain additional space for logging.

We want to clear logs of Secondary Panorama M200 disk-pairs and use it for logging from

Connecting 3rd-Party VPN Device to PA-3220

Hi. Wanted to ask for opinions, suggestions, and experience on this. We have a Cisco ASA VPN Device from our vendor and we'll need to connect this to our PA-3220 FW. So basically, Internet --> PA3220 ---> ASA VPN --> LAN. This ASA will be inside our

Mitel decrypt error

Hi all,

we have a open ticket with TAC, but wanted to ask if anyone's seen this, we're in the testing phase of it, and one of the phone's traffic shows up in the logs as decrypt error in the end result, so that phone is not able to login to the mitel

AWS x PAN 2 tunnels PBF backhaul internet static routes?

Anyone run into this before?  I have 2 x AWS tunnels (No BGP) and I want failover to occur and I want to backhaul internet traffic from AWS out through the PAN.  I have connectivity between AWS and on-prem with no static routes configured.  However,

Version 10 SMTP Authenticated SMTP

Good afternoon:

One question, I understand that in version 10 it is already feasible to use SMTP /TLS authenticated to for example use Office365 or Gmail, among others to be able to perform Palo Alto mail sending.

Someone has already configured and t

User not able to access one site

Not able to access the site is on another location I can ping the site it's responding I check session-id packet capture nothing was found.

I create a  policy for that user without any restriction still not able to access the site. In monitor its show

Does Active-Active HA supports more users?

Hi Guys,

My company bought a PA firewall a few months back. At that time we had around 85 users and PA technical person suggested that it will handle up to 100 users in our environment. Now, we have around 70 more people who joined our company, so tot

PPPoE Disconnection frequently.

Facing PPPoE session disconnection issue. 
As per ISP, this is a Firewall issue as from Laptop or Computer (directly connected to ISP Router) no disconnection being observed.

Palo Alto PA-3020

Following logs and capture packet are below 

2021-07-15 11:2

Security Policy filtering HTTP/S traffic over all ports

Hi!

Has anybody made a rule that filters the traffic by HTTP/S protocol no matter what the port is?

what I mean is for the FW to detect a client trying to access https://randomwebsite:X where X can be any port from 1-65535

running ver 9.1.8