Global Protect connections fails after 20-30 seconds

Hello,

We have an issue with a Global Protect connection failing for some users in couple of seconds after we migrated from PA 3000 to 1410 series FW.  PA 3000  was 10.2.9 and the new FW came with PANOS 11.1.2-h3 version.

For the users with the probl

Panorama high MIB memory

Hello community!

We are monitoring the Panorama system resources and we get alerts regarding memory (MIB). We don´t have any performance issues though.

Can you advice if the following memory levels are fine or it´s too little memory free?

Starting from PAN-OS 11.0 version, is the only interface link duplex set to auto?

Dear Team,

I noticed something unusual during testing.

Starting from 11.0, the only option for interface link duplex setting is 'auto'.

I've checked the changes and restrictions in 11.0, but there are no explicit details about them.

Is this b

Negate networks within an object group

Hi,

is it possible to negate certain networks within a rule?

example.. src (192.168.0.0/16) and dest (10.0.0.0/8) action Deny

but want to negate dest 10.200.0.0/24 in the same rule so that 192.168.0.0/16 cannot talk to 10.0.0.0/8 but can talk to 10

Panorama IOS required for EVE-NG and RAM requirement

Panorama IOS required for EVE-NG and what is the requirement for RAM. Please help me on this.

Thank You

Help with XML api device configuration

I'm looking for a solution to automate sdwan deployments so I'm trying to do a couple of things with this api call:

1 - create the layer3 subinterface interface

2 - give the subinterface an ip and next hop ip

3 - enable sdwan on the interface and g

Decrypt STARTTLS SMTP protocol but not blocked Virus File

The mail server resides on the network inside PaloAlto.
I am trying to add a feature to use STARTTLS for SMTP/25 from the mail server to the Internet.

I implemented STARTTLS decryption (Forward Proxy) on the PaloAlto and sent an email with Eicar Virus

Block Exchange ECP externally

Hello team,

We are experiencing with our hosted exchange server on the cloud. Despite efforts from our Server team to block ECP access from external networks, it remains accessible. The team has suggested blocking ECP for external networks only.

I

Palo Alto vm image provided by Palo will not start properly on eve-ng, version 10.2.5

Looks like its a known issue and from what ive seen from posts online going into "maint" mode and reinstalling fixes it, the problem is no mater how fast i am its literally IMPOSSIBLE for me to get into maintenance mode as it goes past that bootup pa

GP issues after a fail over test

So we have an annual BCP fail over test, during the fail over test when we shut the primary TOKYO PA 850 it fails over to PA 850 SEC, however when we connect to the VPN we cannot on our TOKYO we are not able to connect. 

I'm a bit newbie on PA and

RJ-45 10GB interface and cat7 cable

Hi All,

Anyone deployed a ngfw (pa-3430) using the 10gb ports with a cat7 copper cable yet? same process as normal cat5/6 connection no additional changes needed?

have a deployment for a client with fiber sfp but they did not purchase the sfp modul