Commit limits

Hi Guys,

We are running scripts to push configurations into the firewalls. Everything is done via CLI and with set statements (I know that it is odd, but that's the way it is). Does anyone know are there any limits on the configuration size because s

GlobalProtect - Change Password field to say "Token"

Hi, does anyone know a way to update the password field on the GlobalProtect to read "Token" so that our end users know that they need to enter their RSA code instead of their domain password? 

private ip addresses in url filtering category

Hi,

What is private ip addresses in  url filtering category .

I tried to allow and access a url in local lan , did not work 

Thanks

ICMP gets dropped by DEFAULT DENY ANY ANY

Source IP: x.x.172.230

Source Zone: int-fw

Destination IP: x.x.20.50

Destination Zone: DMZ

Requirements: SRC and DST IPs should be pinged bi-directionally.

Scenario:

- I've allowed the traffic using ICMP, ICMP-0, ICMP-8, PING bi-directionally but still

Always on/Pre-Logon GP and Windows logon time

Does anyone have any tweaks or suggestions that might improve the windows logon time when GP is configured as pre-logon always on? Our users have gotten used to waiting sometimes up to 5 minutes after logging in before they see their windows desktop.

HOW TO CONFIGURE NAT FOR SAME IP IN IPSEC TUNNEL

I HAVE IPSEC TUNNEL BETWEEN MY PA AND another SIDE IS CISCO ASA, NOW ON BOTH SIDE THE IP IS SAME. SO HOW I WILL CONFIGURE NAT FOR THE SAME IP? 

Trunking a new switch existing PA (Active/passive)pair

Hello Everyone,

I am having some trouble with trunking. Below is our current setup:

PA pair(vlan 48---x.x.48.254) ------core switch (vlan 48....x.x.48.1) for internal access (trust zone). we have a static route on PA---any traffic to internal network

[PANORAMA][ERROR] Can't use export or push device config bundle feature

Hello,

I got issues using the feature : Panorama > Setup > Operations > Export or push device config bundle.

I try to erase the local configuration of a PA-850 and push the Panorama configuration on it.

I got this error message when I click on push &

Need help on VPN PA firewall to IBM cloud VPN

All,

I am new to Palo Alto World

Really need your Help in understanding how can i create the VPN for the below

1. IBM cloud subnet only 1 subnet so thats okay. 

2. Multiple subnets behind my PA firewall, my question is how to NAT them all to go out?

I

SNMP on Active-Passive HA Cluster

Hello,

I have SNMP configured and working on the Active member of my HA cluster.  i need to set SNMP up on the Passive member, i have made the changes and saved config but it is not working, do i need to commit the config?  if so, would this cause an

GlobalProtect Connection Problems

Hi All

I have had to re-install a user client Global Protect Agent 2.3.3-5 as he couldn't  connect, after re-installing he still cant connect and getting a error message off:

#“(T10576) 02/01/18 13:55:00:745 Debug( 226): CPanSocket::onConnect - retur

How can we manage the Firewalls while Panorama is out of service?

In a scenario with many groups of firewall's centrally managed by Panorama.
The Panorama is running in a appliance without HA.

What we should do when Panorama is outage by a problem and we have to do any change in the Firewall Policies?

Best Regards,

Mar

Decryption policy options explanation required.

Hello Everyone,

I am reading about decryption policy and have some questions in my mind, so looking for some answers.

1- In order to apply the decryption profile, do I need to have action set to decrypt ?

2- what is the advantage if I have a decrypt

Determining failed administrator interface logons from syslog

Hello!

I'm running into an issue. I would like to record failed logons to the administrator interface via syslog but the log format and contents of the logs appear to be exactly the same as those when a user performs a failed login to GlobalProtect Cl...