Ipsec proxy id has exceded

We are getting error when configured ipsec tunnel and the error is that "number of entry has exceeded" in proxy id.

PA-5220

OS-9.0.5

For your information please find attached screenshot.

Missing Zone Assignment

I have an issue where traffic coming in one zone is not being forwarded to the right zone.  It seems the destination zone is not being assigned right when the session is setup.  It seems to be matching the predefined intrazone policy trust-trust.   H

Experience with GlobalProtect during Corona pandemic time

I would like to share issues with GlobalProtect, and what was done to fix it.

QoS with loopback interface
Due to high network load on the Internet line, we wanted to priorize (or limit) some traffic. It took several hours (testing, reading documents,

QSFP+ cable for HSCI, what 3rd party product are you Using?

Hello,

Just curious what cables everyone is using for their HSCI qsfp+ for HA2. My vendor wants to sell me a 10m cable, I dont need 33 feet to span less than 1 :(. Just curious what people are doing prior to using a standard port with 10GB gbics.

Chee

How to Marge 2 ISP Linses

Dears, 

I have 2 ISP lines 

link 30Mb 

link 20Mb

I need to marge  the 2 ISP lines to be 50Mb. I have PA3020

Designing Networks - Access Denied

Hi community,

I'm wondering if it is possible to gain access to the below live community link or is this just for Palo Alto Networks employees?

https://live.paloaltonetworks.com/t5/Internal-Knowledge-Base/Designing-Networks-with-Palo-Alto-Networks-Fi

Rasmgr GlobalProtect

Hi,

We are SNMP monitoring the number of users connected by GlobalProtect Gateway. Sometimes we see how the graph goes to 0 and recover the value some minutes later. No issues were reported by users connected by SSL-VPN.

 So we are investigating if th

Global Protect with Google Authenticator

Hi Everyone, does anybody has ever implementing multi factor authenticator using Google Authenticator?

App-ID Policy to Explicitly Block - Allow WiFi Calling

Hello,

I tried searching but was surprised to find no ready answers for this.. I'm trying to determine the App-ID policy to explicitly block or allow voice calling over wifi (or wifi calling) on Verizon, AT&T, etc. I can't seem to find this in App-ID'

Global Protect will connect then immediately disconnect

A GP issue I am dealing with at the moment is where the client will successfully connect but I cannot ping anything on my network.  It appears to immediately disconnect.  I have attached the log files if anyone may know how to help determine the caus

Enabling Jumbo Frames on HA Pair

I have an active passive PA850 pair, and want to turn on jumbo frames. 

I wondering about the best order-

Can I:

do the passive unit first, and reboot

fail over and do the primary then fail back.

Any issues with the HA function while one unit has jumbo e

Autoscale Palo Alto VM in transit VPC

In AWS I am attempting to use an autoscale template in a transit VPC. I'm running into issues with the NLB and limitations with defining tcp/udp services to load balance. In essence I want to LB the gateway for attached spoke VPC's. The use case is A