General Topics

Impact on Processing rulebase order

Hi,

Is there and if so what is the difference on processing speed of a PA rulebase when most hit rules are on top vs when most hit rules are spread throughout the rule base?

For example: Imagine a rulebase of 15000 rules. What would be the processing s

General question about firewalls

Hi Guys,
I am extreme beginner on firewalls and network. I have a question, which will sound very naive. My brother company has around 500 employees in the same branch where he works. They have two firewalls in HA and then switches and then their serv

How to identify high dataplane CPU

Hi Community,

Could you please to identify a problem with palo alto device.

The device is with processing is too high.

What could be causing this consumption? This is normal or is a problem?
Data Plane CPU stay always with =100%

Follow a message:
Mana

PA VM IPSEC Tunnels in Azure

Ok, I've been stumped for a few days now. I dropped a support call in for help, but they are taking their time...and I am behind schedule. LOL.

I have a PA-VM-100. Its sitting in an azure cloud. There is an NSG on the Trust, Web (DMZ), and Mgmt inter

Limiting users access in palo alto firewall

Hi Team,

I have a query where i need to know whether there is any features or configurations needs to be done on simultaneous login by users.

Currently its unlimited for users by palo alto firewall. we need to restrict users unlimited access by any me

Not able to upgrade MacOS

Not able to upgrade macOS. We are trying to upgrade macOS from Catalina to Bigsur. Whenever we try to upgrade it from the app store or download the dmg and install, the installer fails.

But when it is connected to a different network, it goes through

Network Interface configuration into V-Sys Environment

Hi,

can anybody help me for below queries:

• How to make a shared (sub-interface) into multi V-sys environment
• How to create VLAN interface (L2/L3) on specific V-sys.
• Is there any concept of virtual-switch concept in V-sys environment?
• How to make a inter V

Easy way to deal with Google SMTP (1e100.net)?

Anybody found an easy way to deal with allowing SMTP traffic to Google but nowhere else.  The problem here is 1e100.net IP space is all over the place (since it's Google's world wide distrubted cloud) and FQDN address object type, when it even works

One of interface is down in vm

Hi, Palo Alto firewall is VM in ESXi. In the ESXi, I can see the firewall interface e1/1 , e1/2 and e1/3 are up. but I do not know why we can see the firewall e1/3 is down. Anyone can advise this?  Please see the below. Thank you

NOT ABLE TO ACCESS PUBLICY NATED IPS VIA GP IN FULL TUNNEL

Hi Guys,

We are not able to access nated ips from GP full tunnel scenario.

We have 50+ hosted servers publicly and we have GP in full tunnel mode.

All the nated servers are accessible without any issue but when we connected to GP in full tunnel we ar

multiple MAC address on switch port connected to the PAN firewall

Dear Community,

We have a few Palo Alto firewalls in several locations where we are seeing a weird behavior.

The firewalls are connected directly to switches and in some ports of the switch we see two learned MAC addresses: one 001b17-XXXXXX belonging

Want to block personal gmail and allow corporated gmail

Hey guys one of my customer wants to block personal gmail (google mail) for eg : example@gmail.com

and want to allow the corporate Gmail eg : example@corporate.com 

what are the steps to configure this type of request please help us.

Show Hard Drive information

For an audit, I need to know the Make/Model/Serial Number of the internal HDD.

I cant seem to locate the appropriate show command on a PAN device...any ideas?

Thanks much