205 access points blocking one ssid

We are current ly running 4 ssids on our network. One of which is for our food service. We have 3 accesspoints providing coverage over the commons during lunch, we would like to disable one ssid created for student use while leaving the others open o

the easiest way to get the peak number of active sessions on firewall?

i'm  wondering  to aquire the easiest way to get the peak of  number of active sessions on firewall?

some ways i figured out are

1) check SNMP active session OID every minute and spot a chart.

2) fire up SSH "showing session info" every minute by a pyt

IPsec Site-to-Site VPN trouble (decap bytes 0)

Hi all.

I am trying to set up an IPsec s2s tunnel with non-Palo Alto peers. So far I have tried 3 different peers (Strongswan 5.3.2, Cisco router, Cisco SOHO router) and every time I have problems seeing incoming decrypted traffic to the PA.

"Local sit

ADFS SAML Configuration

Hi all

I need help to configure ADFS SAML with global-protect.

i have successfully imported the metadata.xml from adfs into palo.

But now i can't export the metadata from paloalto. 

Whats the correct identifiers and endpoints urls for global-contect c

Per IP Traffic shaping

I have one question.

Does the PA 5020 can shape traffic per host (ip) ??

Security Policies Not Applied When Client Use Web Proxy on Their Browser

Dear all, I am currently learning the Palo Alto Firewall using Palo Alto VM. I've configured some security policies, for example, file blocking that forbide client to upload a PDF file (including to those website which use SSL). All of the policies a...

Understanding Panorama Backup and Recovery Procedure

Hypothetical Scenario...

Through catastrophic failure I have lost my Panorama which also contained device configs. In order to re-build it from scratch which config file should be saved and exported, and then imported?, I note there are few option ar

Logs export and viewing

Hi,

I have a requirement to be able to maintain logs (all url,threat etc) for a period of atleast 6 months, this should be independant of the disk space. I have founf out that from the command line you can export the logbd using scp and back it up, bu

Miner for firehol

This one is fairly straight forward. Based on an ipv4 miner:

attributes:
confidence: 50
direction: inbound
share_level: green
type: IPv4
ignore_regex: ^#
source_name: firehol.blocklist_net_ua
url: https://raw.githubusercontent.com/firehol/blocklist-ip

GlobalProtect Client Version Report

When deploying the GlobalProtect client upgrades, is it possible to run a report to see what GP Client version everyone has installed?  

This will allow us to see how well an upgrade is going to remote computers, and if any computer may not be commun

How to create a p2p tunnel from Palo Alto with static ip to Palo Alto with dhcp (with public ip)

Dear all,

I am looking for a way to get a site2site tunnel working between a Palo Alto with static public ip and a Palo Alto with a "dynamic" endpoint (public ip through dhcp)

The tunnel shows as status green in the GUI and also on CLI it shows up, bu

Configuration of Logs PA220 - log database exceeds alarm

Hi,

I just can't get a handle on logging. Currently the PA220 reports with PanOS 8.0.5 "Current size (357 MB) of threat log database exceeds alarm threashold value (90%) of total allowed size (368MB").

I have already tried to change the quota % value