Ingress inconsistent Packet dropping

Hello,

There are intermittently packet drops for the traffics destined to Internet from the trust zone.

No deny log as the traffic cannot traverse through Palo Alto firewall so I can only see drop and receive logs not firewall and transmit logs from

GP VPN causing slowness

recently pushed out always-on vpn, but one site/office is reporting slowness when connected to it. The office is a managed office, so i have no control over their internal network.

When VPN is disabled they are able to hit 600mb download/upload. As s

SNAT do I need to add the SNAT address to my lo

Hi

I have a working SNAT, but the src nat address is only defined in the SNAT rule.  should I also add it to a lo 

Alex

Relevant Zone for an IP address in Vwire

Hi Experts,

Could you please suggest how to find Relevant Zone for an IP addresses in V Wire mode.  When configuring security policy, we need to mention the source and destination zone.

 We've PA firewalls only configured in Vwire with multiple zones

PBF not working when ECMP is configured

HI 

I have two internet links and configured ECMP to do load balacing based on weight,

Here I want to allow few users from my internal to specific desired destination based on my PBF to take my ISP2 path.

But it is sometimes taking ISP 1 and sometime

Multiple GlobalProtect Gateways on same interface?

We recently (today) configured pre-logon VPN, but have come across what could be a show stopper. As its currently configured we have configured:

Gateway > (gateway name) > Authentication > Certificate Profile > (a client cert signed by our infrastruc

how to get DNS domain name in security policy instead of domain name

HI Guys,

I have a question regarding LDAP, I have synced AD with my firewall and it works good. But it shows only the netbios name is there any possible way  in palo alto to show DNS domain name instead of netbios name

USERS WEB Surfing

Hello all

There is a task.The Management want to see what employers do during work time.Which sites they surf and so on

We have Palo Alto PA-850

Is it possible to show them in real time which user surfing which web site.I mean real time surfing?

I know t

Traps false positive

Hi,

Our traps solution is detecting malware when it shouldnt happen. This hash have been checked as benign,

Within Security Events we are repeated alerts in Malware Modules due to the protection of processes that refer to executable parents and chil

Load Config Partial for Panorama Firewall Import

If anyone used it before, can you please share “load config partial” commands to import all configuration items from saved firewall xml config (fw1.xml) file into new Panorama template (e.g. template1) and new device group (e.g. dgropup1).

I can work

Failed to add imported nodes from device to Panorama

I am trying to import firewall to Panorama using “Import named Panorama configuration snapshot” option. However when I select the device, I get the following error message, with no indication of why it is failing:

“Failed to add imported nodes from d

Authentication policy for RDP

I have succesfuly implemented auth policy for http and https (with decryption).

But I can't get it to work for RDP. Yes, I know I need GP client for non-browser protocols.

Customer is using MS MFA server. As it's not supported by PA as MFA server we c

Packet flow for Hardware Offload

Dear Experts,

Was wondering regarding packet flow in terms of hardware offload. Is it like below or somethingelse?

Ingress Stage > Session table/flow lookup> Offloaded

or 

Ingress Stage > Session table/flow lookup > App-ID/Content-ID inspection is do