About David_Avery

I should note: on my Managed Devices screen the Last Commit State still shows the warnings but the tasks for my commits completed successfully without the warnings so I'm not sure what that is about hopefully with my next commits they will update on the managed devices screen ... View more

Thanks Anurag, I see the same settings, but I'm unsure why if I'm not configuring those settings why is my push state showing warnings   in my panorama I see the values: .@Panorama# show template <template> config vsys <vsys> global-protect global-protect-portal raven-gp-portal client-config configs <gw>-portal-agent gp-app-config config mfa-enabled mfa-enabled { value no; } [edit] .@Panorama# show template <template> config vsys <vsys> global-protect global-protect-portal raven-gp-portal client-config configs <gw>-portal-agent gp-app-config config mfa-listening-port mfa-listening-port { value 4501; } [edit] .@Panorama# show template <template> config vsys <vsys> global-protect global-protect-portal raven-gp-portal client-config configs <gw>-portal-agent gp-app-config config mfa-notification-msg mfa-notification-msg { value "You have attempted to access a protected resource that requires additional authentication. Proceed to authenticate at"; } [edit] .@Panorama# show template <template> config vsys <vsys> global-protect global-protect-portal raven-gp-portal client-config configs <gw>-portal-agent gp-app-config config mfa-trusted-host-list [edit] .@Panorama#  but I can't find the corresponding info on my firewalls, so I'm wondering if these are an 8.0 train setting only because my firewalls are on 7.1.x train   It also seems to only be affecting my one site which I recently downloaded and activated the 4.0.2 global protect client on     Thanks ... View more

Sorry to necro an old thread but this one seems to be the most relevent I've come across so far to my related question in that:   For sizing zone protection / flood protection, the values are all set in packets/second. If I'm trying to accurately size my zone protection to enable for my own in-house load runner servers which generates traffic on thousands of IPs I'm sure I could say I will easily be able to push the firewall to its max if we don't restrict them down.   'show system statistics session' only relays the current packet rate, which I do thank you all for pointing out if I can get my load runner guys to generate the traffic at a reasonable hour rather than 2 in the morning I can now at least watch from the console what is happening before my network shuts itself down (anyone else who comes upon this thread and has the same situation where ZP is killing your network, avoid "random early packet drop" go with SYN cookies)   If I go with simple MTU 1500, and PA-5060 full theoretical max of 10Gb/s througput, and my math is correct that would be a potential maximum of 833,333 pps?   10Gb/s =  1,250,000,000B/s 1,250,000,000 / 1500 = 833,333.33~   This of course can't take into account for any overhead the firewall is doing on L4+ deeper inspection, AppID, if decrypting SSL, etc. etc. right? So would a safe rule of thumb be 800k pps max that the unit is capable of in terms of pure L3 firewall inspection?   I've already tripped ZP and had to disable at 400k pps so I want to be sure I know what I'm up against.   Thanks for any help anyone can provide. If there is a white doc somewhere with the actual pps I truely appreciate your search skills as I haven't found it and of course talking with Palo Alto Engineers specializing in ZP they've told me it's all subjective to the environment so they can't make recommendations. ... View more