Zone protection and Dos Protection

Hi all,

dos protection rule can override zone protection?

I have a zone protection activated for OUTSIDE and a policy in dos protection from OUTSIDE to INSIDE.

In zone protection there are specific features (like ip spoofed) that are not present in dos

Routing table limitations

Does anyone know if there is a way to re-allocate the resources reserved for IPv6 routes to IPv4 routes?  Our IPv4 routing table contains approximately 6300 routes, and the Palo Alto limit of 5000 IPv4 routes doesn't see all of them, but we don't use

Memory PA5250

Hello All,

How much memory does PA 5250 had?

Overlapping GlobalProtect Portal agent config AD groups

Does anyone know how Palo treats overlapping Active directory groups for portal agent configs?  Is the list read top down for handing out configurations to the agent if a user exists in multiple groups identified by the portal?

Google Safe Search Update

Enforcing Google SafeSearch with Palo Alto Networks Firewalls - Lockstep Technology Group Blogs

Enforcing Google SafeSearch With Palo Alto Networks Firewalls

Lockstep works with a number of organizations that require filtering of inappropriate web base

Redistribute ebgp route into ebgp

Hi Team,

I have EBGP peering between PA- Router using EBGP. learning route 10.10.1.0/24

I want to advertise those EBGP routes ( ex 10.10.1.0/24)  learned by PA  to AWS where I have another EBGP peering between PA and AWS.

Could this be done in Palo A

UDP issues after network outage

We're experiencing multiple issues with udp-based applications after network outages. A common problem is that udp tracking sessions (I assume from ALG) in PA for DHCP create issues and clients are unable to attain IP-address. This error must be manu

Convert Lab license to prod - Possible to do with a purchase order?

I have a set of 3020 that are lab that I need another set (for consistency) but the 3020 are not available for purchase.after today.  Is there a way to switch these to prod (for an additional cost)?

Persistent issue with APP-ID Reliability

Hello all. I have had an issue with PANOS since 7.0 (Currently I am on 9.0.2-h2) where the application id feature is not reliable in security rules. I can add a rule and for example lets say I allow ssl to 10.1.1.1 from 10.2.1.1 no user restrictions

GlobalProtect Clientless VPN inactivity and session lifetime logouts enforcement

Good day,

 Inactivity and session lifetime forced logouts are not enforcing logouts on open clientless applications. Currently running 8.1.8H5 and have found that clientless application sessions are remaining open even after a forced logout.  Going ba

Global Protect Client on Linux cannot connect to local gpd

Hi, have this problem since a few releases back.

Installed latest Globalprotect client for linux, currently 5.0.3. Install ok, runns ok but doesent activate and connect.

root@khazad:/home# systemctl status gpd
● gpd.service - GlobalProtect VPN client da