Palo Alto Globalprotect performance optimization

Palo Alto have released a great article how to optimize the remote VPN by removing the tunnel when the user logs out.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PP3ICAW

I may also add that somethimes ipsec works bette

Tunnel interface show "Red"

Hi,

As iam facing the issue with  Passive firewall as interface status show "Red"

Moreover Tunnel monitoring is already disable still it's show red. As on the active firewall the it's show green,

Can you please advise.

User-id redistribution not working

I have user-id successfully configured on a fw, and i am trying to redistribute these mappings to panorama 

We are using the integrated Panos agent, 

i have created the the user-id collector name/pre-shared key on redistribution tab of the User-id Ag

Will DoS Protection Block IP or Block Service of IP when Max Rate Threshold is Exceeded?

For the following scenario, will DoS block destination IP or block service of the destination IP? 

If a DoS protection policy include destination IP and Services to protect an internet facing server, for example source any destination 1.1.1.1 service

What is "'service':Off" in chassis.leds on PAN-OS 9.1?

Hi,

I found out a new item in 'chassis.leds' on PAN-OS 9.1.
There is not shown on PAN-OS 8.1.
Anyone know what does it mean 'service':Off ?

- v8.1
>show system state filter chassis.leds
Chassis.leds:{'alarm':Off, 'fans':Off, 'ha':Off, 'log':Off, 'status':G

NAT issue for accessing ICMC service from google

We have 4 production servers are accessing ICMC service which is hosted in following URL “pubsub.googleapis.com”,

If all 4 servers in common NAT rule then there is a time-out error observed which caused ICMC service failure.

We have tried change the

Do PA have size limit for AV scanning (not size that upload to WildFire)?

Hi, I'm looking for reference document that clearly answer below question:

1/ PA have file size limited for AV or not?

2/ What file type that PA support or not support in AV scanning?

3/ When PA need to forward file to scan on WildFire?

Please give me t

Global Protect Users Experiencing Telnet Disconnects

I wanted to see if I can get some help with some session termination problems that I am experiencing for Global Protect users. Our remote users connect to an on-prem ERP systems through telnet, tcp/23.  I recognize that this protocol has inherited pe

BGP configuration

I am looking to see the commands to check bgp configuration on palo alto 5050 Software version 8.1.14

We have that PA in our organization but i am new and trying to check why i am not able to learn a route 10.104.55.0/24 in BGP in PA 5050

I am learni

Need to export policy rule in excel format.

Hi,

While exporting all policy backup in excel sheet as we need this all policy details with all fields in rules.

As when I tried to export directly via console it gives only object name, not real ip address. So it is difficult to know which object ha

PA-3220 Power Supply Air Flow Direction Optional?

As I have encountered and many others may also, when this unit was installed in a data center, the person did not follow hot and cold isle standards. Is there an option to replace only the power supply or type of fans to reverse the air flow? This wo

DHCP server issue with PA3020

Hello,

 I have PA 3020 on which I have configured a DHCP server with about 400 reserving "binding", and IP pool for non reserved.

this DHCP server is configured on vlan tagged subinterface.

every thing is going well for laptops and PCs "windows", but I