Limitations for creating number of child sa for site to site vpn

Hi,

Here I am trying to create a site to site vpn in Paloalto firewall, now in local network I have 8 individual /32 ips and for remote 10 individual /32 ips. This is for policy based vpn. Now if I add proxy ids for local and remote ips. I am getting

Source and Destination NAT using 2 different NAT rules

Hello everybody,

We are trying to replace our Lan-to-Lan concentrator (currently a Cisco ASA) with a PAN-5220 version 8.1.

On the Cisco ASA firewall, we are currently doing source and destination NAT for each incoming connection.

We change the  sourc

What is the difference of malware detection between NGFW and Traps

Hi community,

I'm just curious why does the Firewall detect a malicious action/file but the traps stays quite about like do they have difference in alerting?

Output detailed HIP logs to syslog

Does anybody know how to output the detailed HIP match logs to syslog?

As it stands, we've got to go to Monitor > HIP Match > Magnifying Glass Icon to see them.

We'd like to send this rich data set to Splunk or another tool to write reports against. 

QOS - real time bandwidth monitoring

Hi All,

I've created a generic QoS profile under Network >> QoS but when I view the graph it shows the bandwidth as being much less that I know it is.

At the moment I'm streaming music which is around 2 Mbps but the graph never goes above 0.25 Mbps

H

Help - Certificate pre-login globalprotect VPN, with SAML tunnel adoption

Hi,

We are working to create a global protect vpn connetion between our windows 10 devices and the PA FW ver. 8.0.1. 

The VPN tunnel needs to use a pre-login tunnel initially (authenticating via the machine cert) which when the user logs in re-authen

Downgraded from PAN 850 from 9.1.1 to 9.0.8.

2 months ago Upgraded the OS from 9.0.0 to 9.1.1 Now we have downgraded the OS from 9.1.1 to 9.0.8.. after successful of a downgrade.  we can see the firewall has lots of errors in auto commits as we clear those errors and tried manual commit has a l

Objects in use via CLI

Good afternoon,

I'm looking for the CLI command(s) for how to determine the number of address objects, and address-group objects that are in use on a PA FWs.

I know it's easily done from the GUI, but would like to add the command to a script, so I ca

PPPoE issues - Interface is not getting connection

Hello, 

I am configuring a PPPoE interface. I have enabled it and typed the username and password, and it continues without connecting. Is there another step that I have to take to enable the interface. I have followed the documentation, and also I h

Object Group with exclusions

Checkpoint has option to creat an address group object with exclusion (e.g Include 10.20.x.x/16 and exclude 10.20.30.0/24 or other subnets from supernet). Is similar option available in Palo Alto.

Negate option in PA is just to negate all source/desti