Site to Site vpn with Dhcp server at remote site

Hi,

I have a site to site ipsec vpn between 2 PA devices. Lets call them Site A and Site B and at Site A I have a Cisco router acting as a dhcp server. I'm trying to have all the client at Site B get their dhcp address and scope options from the cisc

Traffic steering to wrong sub interface

Tearing my hair out here so any help appreciated.

This is a VM firewall, VM-300 ver 8.0.3-h4.

I have created new subinterfaces for three VLANs, one of which is a guest VLAN (111) which has its own vSwitch, port group, sub-interface and zone. However,

is APAC an option of logging service region ?

Hi all

i would just like to know what region logging service is available for ?

is APAC included?

and Do we have a plan for PANORAMA service on cloud. so customers dont have to have panorama on premise,  instead, just pay by month for this service?

t

Security profile to ipsec policies

Do you apply security profile ( AV,anti-spy, etc) to the ipsec policies as well. This traffic is encrypted.

Apply QOS for a particual Service or Server

Dear Team,

we have a SFTP server behind our firewall and its nated to one of the interfaces of the firewal , we need to restrict the bandwidth to the  SFTP server . when clients connects to the server for downloading files they will be restricted to

PAN-DB Cloud Connectivity Issues

Has anyone else had the issue with the firewall blocking URLs when the cloud db is not working?

I have had two issues where the firewall will not allow sites that are common and catorgorized correctly in the local db because the cloud connection is n

Show how long the VPN site-to-site tunnel is up

Hi everybody,

Is there any CLI command or log that show the time of the tunel VPN (phase 1, phase 2 or both of them) is up?

The commands:

show vpn ike-sa gateway <gateway name>

show vpn ipsec-sa tunnel <tunnel name>

It shows the lifetime since the last

How to Block all countries

I am trying to make a policy on my new PA-220 and i want to block all traffic coming in from every country except the united states..I can't figure out how to do that except by blocking every country one country at a time.. Can anyone tell me if ther

Globalprotect IPSec crypto

A couple of questions 

1. Is the IPSec crypto for global protect completely separate for the IPSec crypto option that you find lower down in the list on the firewall?

2. Is the Globalprotect IPSec crypto still used when x-auth is turned on?

The FW Can not match User based Rule when users were changed IP in using GP internal Gateway.

My customer uses GP Internal Gateway with a non-Tunnel mode.

It means it uses just only user authentication and enforces user-based rules.

I am facing an issue .

A user was connected to GP Internal  GW in office 1F and successed authentication.

The FW w

how to write a simple miner documentation

Hi there,

   I'm a new user, so hopefully this is a simple question.

I installed minemeld via source code on ubuntu 14.04 using the instructions on this page : 

https://github.com/PaloAltoNetworks/minemeld-ansible

 The installation went smoothly