Unstable ipsec detection for ipsec-esp-udp application when connecting Globalprotect VPN

We have a setup with a primary PA firewall 1 that pass through Globalprotect VPN traffic to a second PA firewall 2. We've seen sporadic connection problems when connecting a Globalprotect client. Sometimes it can spend up to 2 minutes to establish th

GlobalProtect install restrictions

Hi all

I was wondering if there was a way to restrict who can install the GlobalProtect client ?

As an example, at the moment if any user launches the gateway page can download and install the client on their own computer albeit they need an active ac

SSL decryption error

I had configured SSL decryption on PaloAlto VM-50 before 6-7 months ago. There was working normally till today. Today some users get below error when they want to enter site. There is shown “decrypt-cert-validation” message on PaloAlto traffic logs.

Help with configuration for a test network going through our live environment 5050's

Just mainly need direction on where to go with this. We have 2 PA5050's in our environment and no test network for the main network. We do however have a new test satellite network where some of our DB's and others want it to have access to live envi

Help with IPSEC VPN with overlapping subnets

I'm working with a vendor to setup an IPSEC VPN but we have an overlapping host address. My side has a PA500 and their side is a Sonicwall.

Palo Alto Side:

Source server: 192.168.100.20

Their Server: 192.168.100.85

My server NAT address: 10.0.0.20

Thei

High memory usage PA 3020

Hi, can someone help me? I have PA-3020, about 900 security policies, about 50 vpn tunnels (low traffic), I noticed high memory usage , What could be the reason for this? How can i relaease this?

soft: 7.1.4-h2

Cpu(s):  0.5%us,  0.5%sy,  0.0%ni, 98.8

Unused Services

Is there a way to tell if a service is being used? I am trying to verify that the services the migration tool lists as unused can be deleted. It might be enough to go by what the migration tool says but I usually like to verify it a couple different

SSL decrypt with client certs

Hi

is it possible to decrypt SSL connections that use client certs. I'm guessing not.

Thought I would double check.

A

The dreaded any

I got a health check report and according to it I have a least one any in every single rule I have on my firewall. I was just curious if anyone  has been able to have at least one or more rules with no any's at all. 

Site to Site vpn with Dhcp server at remote site

Hi,

I have a site to site ipsec vpn between 2 PA devices. Lets call them Site A and Site B and at Site A I have a Cisco router acting as a dhcp server. I'm trying to have all the client at Site B get their dhcp address and scope options from the cisc

Traffic steering to wrong sub interface

Tearing my hair out here so any help appreciated.

This is a VM firewall, VM-300 ver 8.0.3-h4.

I have created new subinterfaces for three VLANs, one of which is a guest VLAN (111) which has its own vSwitch, port group, sub-interface and zone. However,