General Topics

Palo Alto and Cisco LACP configuration

We are having a problem setting up a port channel/aggregated ethernet interface using two 1 gig connections between our Palo Alto (model 5020, PAN-OS 8.0) and a Cisco switch (model WS-C3750G-24T (IOS: 12.2(55)SE1). We have worked with TAC but can't s

SNMP for Monitoring Palo Alto Networks Devices

Hi there,

The link https://www.paloaltonetworks.com/documentation/70/pan-os/newfeaturesguide/management-features/extended-snmp-support.html indicates that VPN tunnels can now be monitored. However the ifOperStatus and ifAdminStatus OIDs always respon

Inter Vsys Throughput Limitation

We are currently testing out a PA-5220 in a POC.  We have run into a strange issue with througput limitations when traffic is passing between Vsys.  On a single Vsys (L2, L3 and vWire), we are able to max out 10Gb's using a single TCP session with ip

failover

Is there anything such as a particle failover with a palo alto firewall? Can it start to failover and suddenly fail back and block some traffic

Several sessions outage/interface drops

Hi,

We have a PA-5050 with PaNoS 7.0.7, we are expecting that there are moments during the day when the traffic increases that there is a outage for several sessions, but the sessions are still very low for this PA-5050. And we dont know why some ses

PAN as proxy destination?

Does anyone know if I can configure a web browser to use the PAN device as the proxy?  We used to have an ISA as that proxy but after installing the PAN's (two 500's in HA) the ISA waqs moved to a DMZ and only helps with incoming connections to thing

Panorama 8 not receiving PA log

Hi,

We are deploying a new Panorama 8 VM (in Panorama mode) and configured it to receive log from a PA-5020 running PA 7.0.11.

The Panorama GUI not show any log. I've debugged it in CLI:

> tail follow yes mp-log logd.log

2017-07-18 16:05:36.213 -0300 E

trial version of palo alto vm

i want to download a trial version of palo alto vm can some one provide me with link or any thing help.

thanks and best regards!

option 61 on dhcp client non-mgmt

I have ether1/1 assigned as my untrusted/WAN interface. It is in Layer 3 mode and has been set as a DHCP-Client. I need to tell the firewall to send a option 61 (clientid) as part of it's DHCP discover. I been looking though OS 7.1 and can't find it

PAN 5250 routing question

Hi guys, new with PANs but not with firewalls.  Replacing our older Cisco ASAs with PANs and have a design question for larger installations (about 10,000 simultaneous users).  We currently route our wireless traffic with two pairs of Cisco 6500/sup2

Box - Control access

We are discovering more and more companies are using EFSS (or just FSS) solutions like Citrix FileShare, Box, OneDrive, Google Drive, and even Dropbox to share content.  We have had a blanket deny policy for a long time so as to prevent using one of