how does mac based policy and high cpu clear?


L3 Networker



It uses the PA400 model.


1. I'd like to use a Mac address policy like a Fortigate.

   └ macbinding, mac address-based policy


2. Is there a command to kill high cpu usage?


Community Team Member

Hi @qmso475 ,


1. I don't believe there is a capability to filter via MAC at the moment. I would recommend reaching out to your Account Manager and SE to request a feature request.


Check out this link regarding submitting feature requests.

"If you find yourself in a similar situation, you can reach out to your Palo Alto Networks representative. You'll send them all the details about the feature in question, and they'll take the necessary steps to have a Feature Request created for you. They'll give you a Feature Request ID (FRID). Each FRID can then be voted on by other Palo Alto Networks customers. Based on urgency, number of votes, and other factors, PAN will then decide which new features will be considered for new software and/or hardware releases."


2. Could you describe the issues that you are experiencing with high CPU usage? Do you see high utilization in the Management or Data Plane? Here is a useful KB on troubleshooting.



Thank you for your answer.


I wonder if there is a similar command in Palo Alto like this command.

"diag sys kill"

Cyber Elite


While not a MAC address policy, I'm assuming that what you actually want to do with this is limit access to something from a particular device instead of a particular user (which would be accomplished through User-ID), correct?

If that's the case, you can get similar functionality by using a HIP Object and HIP Profile to limit your security rulebase entry to just allow that single device or group of devices access through the firewall. You'd have to have a GlobalProtect subscription to gain access to utilize HIP, but you'd then build out an applicable object based off of the host criteria and group any/all of those hosts into a HIP profile. You'd then limit the security access you want to restrict to anyone matching that HIP profile and can throw User-ID requirements in for good measure. 


Not the same or as simple as what Fortigate has with their MAC based policies, but it actually ends up being more secure than relying solely on MAC address of the connected device. 
