Slow internet performance behind PA-500

I recently upgraded to a 250Mbps internet speed.

When I plug my laptop directly into the ISP router I am getting close to 300Mbps.

But behind the PA-500 firewall, I am getting around 80-90Mbps.

Firmware is 7.1.10 running in HA

What would cause this?

Looking for some rule guidance

Hello all,

I'm trying to get some access restricted to a few subnets that fall into our /16 range that we currently have in our Palo. The way it would look is we would have 2 subnets smack in the middle of the /16 that we only want to allow access to

PAN-DB URL filtering Download Now

Hi All,

Simple question:

What does "download now" status indicate?  

Do l have to click "download now" to enforce my  PAN-DB?

TI automation - Export internal IoC to the community [part 3]

Hi,

a new post on the Threat Intelligence automation journey.

Now, after architecture and hardening and custom prototype and SOC integration, it's time for howto export IoC to the community in a standard way (STIX/TAXII).

Here the new post: Export in

HTTP 405 Error on Captive Portal JS files

Hi,

when the user is presented with the captive portal, in the browser you can see that "jquery.min.js" and "bootstrap.min.js" gets HTTP 405 error message. This sometimes causes troubles to successfully finish captive portal login.

Miner certificate authentication

Hello!

Could you tell me,

Is there a miner with support authentification via client certificate?

In particalur I need a JSON miner with this function.

Thanks!

MP-BGP routes flapping.

I have 2x3020 running panos-8.0.4. It does bgp with 2 cisco routers running mp-bgp.

when running 8.0.4 and mp-bgp enabled or disabled the bgp peering flaps every around 144 sec.

I suspended 1 fw and downgraded other to 7.1.11 making it active. since 7.

Accept UPN when GlobalProtect is the default credential provider?

PANOS 8.0.2
GlobalProtect 4.0.2
Client Windows 10 Enterprise x64

We currently use Microsoft DirectAccess for all our Windows clients
The Big plus of DirectAccess is that it works pre-logon and is completely seamless for the end-user, but it is Windows on

Details on URL Filtering Domain Classification

We've recently launched a Palo Alto deployment on our campus and are using the URL filtering capabilities to block any URL that is classified as 'malware' or 'phishing'. We're using PAN-DB as the source for the categories and were wondering what exac

Active/Passive HA cabling to Cisco Switch Stack or Nexus

I am looking for a cabling recommendation diagram for LACP portchannels from Cisco Switch Stacks or Nexus to HA Palo Alto Pair. Nexus can obviously use vPC feature so it may be slightly different than a switch stack. 

Switch stack cabling currently:

aged out vs unknown

HI,

From some pc session end reason for dns traffic shows 'aged out'
and for some shows 'unknown'
what could be the reason
internet traffic from the pc which shows aged out are really slow
any help

Thanks

internet issue

Hi,

I have an issue  the internet is very slow for a vlan  10 ,

In my qos rule this is network class in 2 and  the another vlan  11 in the same class  has no issues .

And the rule number for   qos  vlan10 is 10  and for vlan 11 is 50 .

'

If any client u