ACC Behaviour

Hello everyone!

I've got a question about the behaviour of the new ACC in 7.0 and above.

I can apply a global filter for the action of deny.

When I do this, the graphs show no data, even if I click refresh.

If I click 'jump to logs' with the

Is there a list of Palo App IDs which require SSL decryption to work?

Hello community!

Do you know if there is a list (I think there used to be) of Palo App IDs which require SSL decryption to work?

Note: this is not the excluded from SSL decryption list, it is a list of Apps that won't be identified unless we SSL dec

show counter global filter category flow aspect dos

Hi,

Below is  output of  'show counter global filter category flow aspect dos' 

What does it mean by value and rate . Does it mean '143291' packets dropped ?     

PA blocks outbound port 10443, doesn't show up in logs

I have and external website that I need to access on port 10443: https://<public IP>:10443. The connection never completes and times out. 

If I pull the PA FW out and throw in an ASA, works just fine. The logs on PA don't even show port 10443 being

SMTP weird characters

Hi everyone!

My client's SMTP traffic goes through ASA and Palo Alto and some other network application devices such as proxies and stuff.

At some point, the SMTP message gets some SMTP characters added.

I removed ASA ESMTP inspection just in case, and

incomplete and ddos drops

Hi

The following report shows incomplete

Database: Traffic Log
Columns: Source Zone, Source Address, Source Port, Destination Zone, Destination Address, Destination Port,
Application, Bytes
Query Builder: (app eq incomplete) and (port.dst leq 1023)

but

Importing device into Panorama with shared objects

Hello

I would like to import device into Panorama with all objects as shared into Panorama. I read the below line from PA documentation 

Is it possible to set Log Forwarding profile on ALL existing policies

So, we have been handed down a new requirement that ALL traffic logs must be forwarded to a new syslog server. I've created the server profile and log forwarding profile on my firewalls. My question is:

Is there an easy way to add the log forwardin

IDS/IPS Replacement Product?

What Palo Alto product represents the modern replacement or incarnation of an IDS/IPS?

Download of Panorama for VM-Series Base Images

Dear PA,

Is there any release of Panorama for VM-Series Base Images available to download? If yes, where and how.

I need it to run in the VMware workstation player to test. 

I didn't see the in the software  Updates of my account. 

thank you.

r

Management interface making outbound port 80 connections to Google

Anyone else on 7.1 seeing connections from the management interface to Google?  I see connections (once per hour) for application google-app-engine from my management interface of a PA-200.

Thanks.

Source IP address is set to "none"

Hello All,

Lately I am noticing some polices that the Source IP address set to none as shown below can anyone let me know if none act like any or not?

I think yes as I created policy from Noc_OSS zone with IP add 192.168.*.* toward Default zone wit

Ethernet interfaces randomly resets

Hi,

I have an issue, I'm running PA-200 with PAN-OS ver. 6.0.12

I'm running Palo in Virtual Wire mode Eth1/1 is untrusted zone and Eth1/2 is trusted zone.

My problem is that from unknown reason the interfaces randomly just freeze (LEDs are going