PA lost mapping

hi, we are expecting problems with group-mapping. Yesterday we deleted a group from group-mapping profile and suddenly PA lost match in all the rest of groups in this group-mapping profile. we ran show user group-mapping state all and Number of group...

VPN Client, Can't connect to internal zone?

Hi, Good day!

I would like to ask what would be the problem,

From outside user accessing via ssl vpn (VPN ZONE) below details are working.

1. It can connect / has the ip pool assigned

2. It can reach the internet using the assigned pool.

Problem is fro

Pros and Cons of v-wire

I'm setting up a PAN firewall between our company and our business partners who have direct connections to our LAN.  My idea was to use v-wire but some of our other network administrators say it would be too difficult to troubleshoot.  What are the p

Virtual router from firewall in series with physical router.

If I change our virtual wire setup to layer 3, have the IP addresses on both interfaces be local network IPs, and set a static route for 0.0.0.0 to point to the existing physical router on the WAN side of the virtual wire, will traffic (tagged and no

Commit failing

Running a VM-300 on PANOS-7.0.3

When attempt to make a commit (either through GUI or CLI), it hangs at 98%, and then fails.  The commit failure outputs the following:

QOS with multiple active pbf ISP

Hi,

We currently have pbf setup to support two active ISP.

The setup on panos 8;

Zone LAN Virtual router 1( aggregated link constisting of two ethernet interfaces)

Zone ISP1 200/200 mbit Virtual router 1( ethernet interface 2)

Zone ISP2 200/40 mbit Virt

API timeouts/Web UI unresponsive

Hello,

Managment plane stops responding when sending a number of User-ID XML API calls to FW (tried using PAN-OS 7.1.5 and 8.0).

Any API calls during this time either time-out or return 502/504 HTTP responses.

After close to exactly 5 minutes later fr

What kind of speed should I expect from client VPN connections?

We are looking at a new PA 5250. We currently have a PA 5050 for testing. Last night I was getting about 70mbit/sec on my home cable modem. I can get 300mbit/sec without the VPN. A really old Cisco ASA was giving me about 30mbit/sec.

Any thoughts on

BGP establish state flapping.

I have couple of bgp established on the firewall. Confiugured new one to AWS ,tunnel comes up but Bgp is flapping.

System logs.

BGP peer session enters established starte,peer ip:169.254.32.1

BGP peer session left established state,peer ip: 169.254.32.1

Select route with shorther prefix length

I have a static route for 172.16.0.0/12 but my PA is also learning through OSPF a route for 172.16.0.0/24.

As these routes have different prefix length both are installed in the routing table and the dynamic route for 172.16.0.0/24 learnt through OSF

Configure a static 1-to-1 destination NAT policy

Hello Live Community, 

I am a new comer to the firewall game and I am wondering how would I go about setting up static 1-to-1 destination NAT policy on my PA-500 Firewall. I just recently set up the firewall using the documentation below and everythi

certificate is not signed by a trusted certificate authority.

Hello guys, I have a one question about Global Protect. I configured it and all was working properly, but when i updated my global protect to the versin 3.1.5 or new 4 and then when i trying to connect an error occur "Gateway ... : Server certificate