2 subnets on the same interface

We current have 1 subnet linked to an layer 3 interface which is supplied by our isp. We have run out of ip addresses and our isp want to present another subnet but on a completely different range. (too many services to move to a new range)

Is it just

Best practices - Schedule - allow and block Traffic

Greetings (apologies in advance if this is a bit long)

Could i have some advice on what would be considered best practice for allowing and blocking certain traffic at certain times.

As a school (K-12) that has Day Scholars, boarder Scholars, live in

Real Time Traffic on PA Interface

Hi All, 

I am stucked with  very basic requirement on Palo-alto firewall. 

Would like to know how to check the traffic statistics on PA Interfaces as requirement is to check the current live traffic on specific Interface. 

Followed some articles avai

DHCP relay issue

Hello all,

I have an issue with the DHCP. 

I have DHCP relay configured on the device (PA820), remote windows server, connectivity and  policy permitting DHCP traffic.

The problem is that the traffic is sill dropped by the FW, classified as not applica

Error on generating system logs

i just upgraded to 9.1.11 from 9.1.10 and i get a pop up message saying "Error on generating system logs" but the logs shows up fine and updated

is this a bug ?

there isn't an error in the system monitor and i checked the known issues but it wasn't in

DNS Proxy technical details?

I am checking out DNS proxy as a possible use case. We have a requirement to log DNS requests that include the true source info. We have a few environments with wireless clients that will not otherwise have our normal agents or tools installed in ord

External ping to public ip of secondary ISP interface.

I am having issues allowing pings on my secondary ISP interface. I have a dual ISP set up with my main connection a 10gbit connection with ISP1 and a backup 1gbit with ISP2. I am currently using path monitoring for internet failover and I also have a

How to shun/block an IP address for a period of time

I've worked with several traditional IPS in the past and there is always a way to create rules that shun or block a source IP address for some period before automatically resetting.  It is especially useful for stopping automated bots that are just p

PAN-171203 issue and latest 9.0.x releases

Hello everybody,

  as all you know, yesterday (or today, in US) were released updates to all PAN-OS versions addressing some issues, but I really have trouble with the PAN-171203 one. As per the PAN-OS 9.0.14-h3 Addressed Issues page (https://docs.pa

Unable to SSH to Passive firewall, GUI OK

hello everyone,

I lost SSH access to my PA-3020 passive firewall on mgmt. interface.. I can access it via GUI.

for Active Firewall, both SSH and GUI are OK.

I think it happened after I did fixing weak ciphers and keys on mgmt. interface. interface for S

Need help understanding how to setup conditions for Firewalls

As it stands m firewall looks at rules in a sequential sense and applies rules in that way. 

meaning if it reaches a Deny it will immediately cancel a packet (which isn't necessarily bad) but it also means if a rule permits a user to do something inte