.

PA-820 Decryption Causing Slow Internet at 5000 sessions

We have been having a issue at our corporate office where users are complaining about slow access to the internet when I have decryption enabled and sessions reach 5000. Around 3000-4000 access is completely fine. I have been monitoring this from the

unable to create a global protect VPN connection while carrier using Dual stack lite

We are receiving many reports about extremely slow and unstable GlobalProtect connections with some internet providers in Marburg .
The providers don’t provide native IPv4 addresses in consumer tariffs, IPv4 packets are tunneled via carrier-grade NAT

Remove feed entries from old (deleted) feed

I was receiving feed information from the Zeus tracker miners which was discontinued earlier this year.  I removed the miners and deleted them from the aggregators, but the data is still in the feeds.  

How do I remove/expire the data?  

Attached

IS it possible to transfer the large file from web server to client over the IPSEC tunnel ?

is it possible to transfer the large file from web server to client over the IPSEC tunnel ?

We have 1.5 g circuits between two ipsec gateway and MTU/MSS by default .

I am facing slowness issue

How to reference set conditions within infilters presented for data from the Azure JSON miner

Objective - Create Processor which can take the mined Azure JSON feed and filter on prefixes from specific regions only. 

Issue - Region data is presented from the JSON file within dictionaries named "azure_name_list" & "azure_id_list" however I ca

TAXII Miner Input with Certificate Auth available within the AutoFocus version of MineMeld?

Hi-

I'm working with a customer to pull a TAXII feed into MineMeld/AutoFocus which requires certificate based authentication. Is this possible with the MineMeld version within AutoFocus?

Regards

eyunghans

Log Parsing

Hi team,

i am sending the firewall logs to a kibana for log analytic purpose and i ran into a minor issue i can not find a good working grok parsing for the logs that will actually work.

any chances any one here done that and can help me with it ?

Be

TAP in environments with asynchronous routing

We have a situation where we can't get all the mirrored traffic to the same interface. But as it's asynchronour souting nevironment a packet can be mirrored to one interface and the reply to the other. So we need to connect 2 PA TAP interfaces to cap

Reverse Proxy and X-forwarded-for

We use a load balancer to terminate SSL connections coming into our publicly accessible web servers from the Internet.  The same load balancers are used as a reverse proxy.  Because this produces a blind-spot for us, we have configured the load balan

Deleted rule still matching traffic

Hi team,

We have experiencing something strange behaviour on one of our Palo Alto. 

Palo Alto is managed via Panorama, our costumer add a security rule directly to device (not using Panorama). We delete the rule on the device, so doesn't appears anym

Dynamic updates failing since the 18th....

Some of our PA's are failing to get updates with a "generic communication failure"

They go out the same rule on one PA.

The DR site seems to be ok.

DNS and trace route seem fine...

Rob