Interface in vsys

Hello

this may sound like a stupid question but i could not somehow find a definitive answer to this in the PAN OS Guide:

We have to configure a 3050 iun multi-vsys configuration. We would be needing 2 interfaces per vsys and we wil be having 2 vsys

Unstable ipsec detection for ipsec-esp-udp application when connecting Globalprotect VPN

We have a setup with a primary PA firewall 1 that pass through Globalprotect VPN traffic to a second PA firewall 2. We've seen sporadic connection problems when connecting a Globalprotect client. Sometimes it can spend up to 2 minutes to establish th

GlobalProtect install restrictions

Hi all

I was wondering if there was a way to restrict who can install the GlobalProtect client ?

As an example, at the moment if any user launches the gateway page can download and install the client on their own computer albeit they need an active ac

SSL decryption error

I had configured SSL decryption on PaloAlto VM-50 before 6-7 months ago. There was working normally till today. Today some users get below error when they want to enter site. There is shown “decrypt-cert-validation” message on PaloAlto traffic logs.

Help with configuration for a test network going through our live environment 5050's

Just mainly need direction on where to go with this. We have 2 PA5050's in our environment and no test network for the main network. We do however have a new test satellite network where some of our DB's and others want it to have access to live envi

Help with IPSEC VPN with overlapping subnets

I'm working with a vendor to setup an IPSEC VPN but we have an overlapping host address. My side has a PA500 and their side is a Sonicwall.

Palo Alto Side:

Source server: 192.168.100.20

Their Server: 192.168.100.85

My server NAT address: 10.0.0.20

Thei

High memory usage PA 3020

Hi, can someone help me? I have PA-3020, about 900 security policies, about 50 vpn tunnels (low traffic), I noticed high memory usage , What could be the reason for this? How can i relaease this?

soft: 7.1.4-h2

Cpu(s):  0.5%us,  0.5%sy,  0.0%ni, 98.8

Unused Services

Is there a way to tell if a service is being used? I am trying to verify that the services the migration tool lists as unused can be deleted. It might be enough to go by what the migration tool says but I usually like to verify it a couple different

SSL decrypt with client certs

Hi

is it possible to decrypt SSL connections that use client certs. I'm guessing not.

Thought I would double check.

A

The dreaded any

I got a health check report and according to it I have a least one any in every single rule I have on my firewall. I was just curious if anyone  has been able to have at least one or more rules with no any's at all.