Source and destination based on NAT using DHCP

Hi,

I am setting up a PAN device. On ethernet1/1 I have it set up to DHCP. I then will have a computer connected to ethernet1/9. I want to set up both source and destination based NAT. From what I understand in order to do this I would need to create

Need to clear traffic or reset the tunnel to access

We had site to site vpn tunnels and traffic is always stuck and until unless we reset or clear the traffic the access is not working.

Any one have experience . The VPN tunnel never go down only the traffic PA to Sonic wall any recommendation on how t

Decryption Broker with Policy Based Forwarding

Hello,

I'd like to know if it is possible to use decryption broker with policy based forwarding on the same interface of the policy based forwarding as the scenarios is as the following :

We have a Bluecoat proxy connected to Palo Alto firewall using

Palo Alto - GPVPN - IPSEC b2b

My current role is as a Network Architect and I am working with our security team to get some Palo Alto firewalls setup to provide

GPVPN access and also IPSEC b2b connectivity.

Our initial design has a single external public address to host the GPVPN

Limit Download per IP

In NG firewall, is there a way to limit the download per IP per day.

For eg, One Ip should have only total 1GB download/upload usage a day.

It's like somewhat ISP does.

unable to access internet from vlan

Hi,

i am configuring PA-220 software version 8.0.9. i wan to create a vlan and allow them to access the inter net i have seen some video but i am unable to access the inter net i am even unable to ping my vlan gateway. is there any thing i can do ?

Error after upgrade of panos 8.0.17 - 8.1.0

After doing an upgrade I get the following error.

 Error: Max. user groups used in policy 1117 exceeds capacity (1000)
(Module: device)
Commit failed

I hope you can help me

Thanks.

Alan VG

TACACS Timeout

TACACS Server timeout currently has a max setting of 20 secs.  We have implemented Duo MFA on our TACACS server and 20 secs is really tight for receiving and approving the push notification from Duo.  Is there any way to override the max timeout?

We

MineMeld into Proofpoint TRAP

I am trying to integrate MineMeld and Proofpoint TRAP. It should be relatively simple and feel I am overlooking something. 

The first step was easy. Create an output using stdlib.taxiiDataFeed. 

Because this is the community edition auth is turned off

Kill Login Sessions

Hi,

Is there a way I can kill or log out other administrators that is authenticated in Palo Alto Management? Hoping for your assistance.

Thanks,

Xer

MineMeld mining IBM X-Force TAXII/STIX2 source feed

I have MineMeld setup to poll my IBM X-Force TAXII feed, however no indicators are being retrieved.  At this point, I simply want indicators from a specific X-Force collection to feed into a mirror copy within MineMeld.  The collection has indicators

Windows based user ID Agent Setup

Hi Everyone, 

Hope everyone doing well. 

we have setup a windows based User ID. but one problem I saw with that is, it is receiving accounts with $ sign in the last. I believe these are service type accounts and if yes we would like to exclude them on

Global Protect 5.0.4 portal not found

hello team,

we have this client running his ISP thru E1/3 (secondary ISP service), he wants to allow the Global Protect client thru this conection, however, after configure the portal and gateway in the PA-500, we test in the agent installed and we g