Configuring PA-5250 to act as gateway for guest wireless

Hi All, I'm attempting to configure a 5250 to act as the gateway and DHCP server for my guest wireless. I have a Cisco 9800 WLC directly connected via fiber from Gi0/2 to Eth1/15 on the 5250 over VLAN 825. I then created VLAN 825 on the 5250 as an SVI and associated it with Eth1/15. I have a DHCP server setup to hand out IPs from the 10.14.0.0/1...

Agentless User ID based network administration control using Windows AD server for PAN-OS

Hi All,I am looking for information on if we can use PAN-OS to do user ID based authentication for network administration control. For example, if user are working from home or remote location, getting users authenticated via PA Firewalls by integrating PA FW with AD server. Question I am stuck at is, how policy will look like. I want only this ...

URL Filter Security Policy Structure

Hello all. New to PAN, and after reviewing the documentation on URL Filtering, I'm confused on the best practice deployment of the policy structure. Here's what I mean: Let's say I want to break out the policies into multiple granular policies for custom exceptions. It would look something like this: 1) URL Filter Policy: "Vendor Safelist"Custom...

session_end_reason eq decrypt-error

I have a high number of sessions, for various webservers and clients, being closed due to decrypt-error. I've attempted to follow the tips from this document, but I'm still not clear on root cause: https://live.paloaltonetworks.com/t5/Configuration-Articles/PAN-OS-7-1-New-session-end-reasons/ta-p/73289 Need help identifying why sessions are endi...

Query regarding upgrade Path to 8.1.21-h1

I have a PA-500 device running on 8.1.20 currently .From this version can we jump directly to 8.1.21-h1 Or we need to go via intermediate path ?(8.1.20 >8.1.21>8.1.21-h1)Also not able to see any Palo Alto reference article about upgrade path , Is it available ?

Blank Setup page after downgrade from 10.0 to 9.1

Hi there, Using a VM-50 that has been running fine on 10.0.2 until there was a need to downgrade the VM.After taking backups then downgrading to the 9.1 feature release, the Setup page in the UI is now blank.I have tried upgrading/downgrading to various 9.1.x feature releases and committed several different configurations to no effect.The setup ...

firewall is preferring a higher cost route even though its learning lower cost route with same type in ospf.

Global Protect AutoVPN and Windows 10 Login Screen

When I login to my laptop computer - underneath my user name for sign in SOMETIMES is the statusmessage: GlobalProtect Status: Connected (and under it the name of the GP portal/gateway.) But at other times I see no such message or "sign in options". If sign on options are there one includes the GP logo w check on it. A third issue now I've seen...

User-ID agent

We have User-ID agent installed on windows VM server. We want to increas the RAM on this VM to improve the performance. If I shutdown this VM, what will be the impact on user authentication during VM remain shut down? Please refer me to some KB so that I can do this activity.

Getting Low Speed

Guys, My Lan users are getting a slow downloading speed. I have checked the ISP cable directly and there I am getting the accurate speed which is 30Mbps. But when I am connecting the ISP cable to Paloalto after that I am running the speed test it's gives me only 4 Mbps. I have tested also one pc with no URL filtering or no profiles applied on it...