CPS doesn't work

Documentation says we should measure CPS for creating baseline. I have done this for last 20 days collecting CLI output every 3 seconds and have Panorama data to back it up. Below is last 7 days data, CPS never peaked beyond 20K and on average is bel

GlobalProtect Portal - No certificate profile configured, but prompt for certificate

Hi Community,

I got a strange problem and want to hear, if someone got the same.

We got a Panorama managed PA-3220 PAN-OS 8.1.7 with GlobalProtect portal, external gateway (which share the same IP) and an internal gateway.

The external gateway got a cer

ha2 keep alive

Hi,

I am getting the below message  ,there is no specific interval (around  30 min) 

it  countinously happens from three days .

What is the action need to be taken 

HA Group 1: Local HA2 keep-alive up
04/15 14:57:47

HA Group 1: All HA2 keep-alives are dow

Convert VM-Series Perpetual to Flexible License (Credits)

Hi All,

I have a number of VM-Series perpetual licenses with subscriptions that are due for renewal and would like to migrate to flexible licensing so I can purchase credits to add new subscriptions.

I've found the process to do this as follows howev

Suspicious TLS Evasion Found(14978)

Dear Team,

I have configured the web service behind PA. and attached the security profile . i can see in the thread logs the thread is generating "Suspicious TLS Evasion Found(14978)".

i have gone through the below KB but didn't understand

https://kno

RDP with another account deleting the local mapping

Hi,

We use GP to connect to our company. So when i open a RDP to internal server using administrator user, my local mapping change also to administrator. We are using agentless for userid. 

What option do we have in order to keep the local mapping? i

WildFire EU connection timeouts

Some of the customers are experiencing following errors with PAN devices (updates OS 8.x) that use WildFire EU (about 5-10 per day at random times):

Event: 'wildfire-conn-failed'

Severity: 'medium'

Description: 'Failed to perform task multiple times re

IP for Cluster HA Active Pasive

Hello,

We have a 3200 series HA cluster active/passive version 9.1.10.

The requirement is to access through a single ip always to the active node.

That is, I have an IP for the active node and another for the passive node but I want to configure a singl

GOOGLE MAPS WHILE BLOCKING OTHER GOOGLE SERVICES

Does anyone have any ideas on how to permit access to Google Maps but block access to all other Google services? I have tried using a rule matching the Google-Maps application however it requires google-base which allows many other Google services. I

Using PA-3220 for URL filtering to replace Barracuda Web Filter

We just got our PA-3220 and hoping to use that for our URL/Web filtering and discontinue our Barracuda Web filter.  Has anyone implemented the URL filtering with terminal server users?  

Can't access management console

I made a big mistake and not sure how to correct it.  We have a Palo Alto Firewall.  I wanted to white list an IP address so my PCI Scans would not fail.  I found an article but it seems it lead me a totally different direction.  It had me put the IP

GlobalProtect VPN - Multiple ISPs - Single Client IP Space Desired

Currently I have GlobalProtect Gateways on each of my ISP links which requires dedicated IP space for the clients according to PA documentation that client space IP pools shouldn't overlap.

I've recently been asked to grow the remote access pool to a