QoS for VOIP over IPSEC VPN

Hi All

I have four VPN sites and HQ with VOIP deployed. On HQ Palo Alto, I want if traffic come from LAN with some marking like 'af41' then give priority (real time) and copy the dscp marking when send across IPSEC VPN? 

-> For this, I have made one q

Concurrent Session Limiting in global protect

Hi,

Is there any way to limit GP connections by user? one session by user

I´d like to change so that it´s a 1user 1 session

Thanks a lot

Testing 8.0 Credential phishing prevention

Support says eveything has been setup properly for this to work. How would you test that users would not be able to enter domain credentials into bogus site? 

Dynamic 1:1 NAT on the Palo Alto interface.

We are looking at some method where we can dynamically NAT subnets behind the Palo Alto Firewall to pick an IP address from the network defined on the external interface.

e.g. I have the external IP address network defined as 10.100.100.0 /24. The IP

Issue Static Source NAT

Hi Expert ,

I have some issue about Static NAT due to I have secondary public ip on the same interface such as on ethernet 1/3 have 192.168.1.22/24 and 192.168.55.1/32 and config nat bi-direction such as source  trust > 172.16.1.22 to untrust  and So

Best practice on what to advertise the “non-connected”/”non-static” NAT space.

Hi Guys my customer is in the heat of battle with policy and NAT review, but I wanted to toss something out there regarding the advertising/redistribution of the NAT space.

 There’s some discussion on how to advertise the NATs (aka non-connected or r

Minemeld install error on RHEL

I am attempted to perform an ansible install of Minemeld on RHEL 7. I am receiving the following error. Anyone seen this and have any suggestions for remediation?  Thanks

I receive the following message when I run the ansible playbook:

TASK [mine

invalid interface

hello have getting a lot of 802.1q tag not configured and invalid interface message in global counters. I'm trying to find the cause, I have configured subinterfaces I see traffic in rx.pcap with properly tag, all traffic is dropped, I see as destina

how to block internet download manager

hi everyon 

can palo alto block internet download manager?

if can, then how to block

Feature Request - Reporting

I just spoke to Jim Silha about reporting.  Palo Alto comes with a user activity report.  Under the section 'Browing Summary by Website' there is a 'Host' column.  It is much more report friendly than say 'URL'.

I would like to be able to use that in

HA Active/Active and VPN

Hello,

We have a scenario where a customer wants to deploy two PA3250s in two different locations which will be an Active/Active cluster. There will be a layer 2 link between the two sites and also customer wants a VPN as a backup if the layer 2 link

LDAP interval

Hi,

I have a question in reference to the LDAP interval time. Specifically what my goal is I want to be able to let the firewall know about my AD group membership changes quicker. For example if I have a specific AD group that is configured on the fw