H/A Clustering Query

Hi,

I have a query regarding H/A clustering, I potentially have a requirement for H/A clustering with 3 firewalls and not just 2 (i.e. Active/Standby or Active/Active).

I believe that presently a 3 firewall cluster is not currently supported however

Data Plane high PA - 5020

i have problem about data plane, and the TAC say : packet rate is high, but i cannot find, how much PA-5020 can handle packet rate maximum.

i use command "show system statistic sessio" packet rate is 130K - 150K and dataplane 77% at 11:00 AM, but i se

Block recently registered domains

Is anyone successfully blocking domains that have been registered recently (last 30 days)? My testing has shown in the last three days, 380k domains have been registered. My PA-3020 capacity for External Dynamic Lists only supports a total capacity o

Dynamic NAT

We are moving NAT from the routers to the firewall (5050), the routers do not release the session's efficiently so we are constantly running out of IP's in the pool. Is there a rule of thumb for the number of IP's to sessions on a PAN 5050? We run at

Best Practices of log filter

Hello,

As a network admin, when user escalates that he cannot access some specify website, what's the best way to find the property log which was triggered by use's browsing activity?

Of course we can apply filer as "username", but even though, we w

Log forwarding, filtering and auto tag

Hi there

I've played with this feature for a while on my own FW, but must be doing something wrong. I'm adding the log forwarding profile, and when checking the filter I make, I get many log lines. But I don't get any output in the DAG. I've tried wi

PAN OS 8 displaying multipe threat/anti virus versions

Hey folks.

I don't know if this is intentional or not, but it's annoying as hell, and if it's configurable, I'd like to know hwo to fix it.

Since upgrading to Pan OS 8 on one of my PA's (a 500), I've noticed that when I check for dynamic updates, I g

CLI commands for Palo Alto configuration

Hi,

Are there any CLI commands which we can use to assess all the checks listed in the CIS Palo Alto Firewall 7 Benchmark?

 For Example:

Check : Ensure 'Minimum Password Complexity' is enabled

Navigate to Device > Setup > Management > Minimum Password

Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

I've deployed GlobalProtect 4.0.3-31 to my lab machines.  When I log in, I get notifications that GlobalProtect is connecting, and then that it is not connected.  I'm not panicked because my portal is not available from my internal network.  Will swi

Integrating Minemeld with TheMediaTrust

There is a current miner prototype for themediatrust, and the comment from the .yml file indicate that you need a valid TMT DTI API Key to use this Miner.   How do you configure this DTI Key in the Config section from the New Local Protoype page?

Th

Palo Alto and Cisco ISE packet issues

Hi 

ive got an issue when a user connects on our VPN using the global protect client the connection will take nearly a minute to connect and in the backgroup create several failures on our Cisco ISE RADIUS server, before finally let the user connect.