Upgrade PAN-OS 7.0.9 to 7.1.6

Hi,

We are planning to upgrade the PAN-OS software from 7.0.9 to 7.1.6. I read on some articles that the base image does not need to be installed.

I have two options as follows:

Option 1:

• 7.1.0 (Download, NO install).
• 7.1.6 (Download and install).

Opti

Aggregated port over Vsys (AE1 over...)

Hi, 

I'm thinking about put som vlans inside and Aggregate, and distribitute over various Vsys, as far I know, reading here in the community, it's possible use subAEinterfaces on different VSYS.

Then, the question is, on wich VSYS must be the physica

Flood protection

What is the best way to set up flood protection, separate profile one for ICMP, one for SYN cookies etc or put it all in one policie? What is the best way to determine what set your alarm rates, block rate etc? How successful is it, does good traffic

Ip missing in output

Hi,

I have default profile.

I added a node "RW_IPBL NODE"  that has 11464 ips

But after processing I only see 900. Generated I think by other nodes.

What can be wrong?

Thank you

MineMeld and dinamic list in Pa500

Hi,

We have a Pa500. It read that only permit 10 list with a max 5000 ip's.it is right?

I have deployed a MineMeld with default configuration. I have a list configured in Pa-500 https://ip-minemeld/feeds/inboundfeedhc.

License for SSL VPN (GP Client)

Hey guys,

We have a PA 200 as lab firewall and I want to setup SSL vpn.

Can you tell me which licenses I need for it?

The GP window (Device -> GP Client) is completely empty. When I check for new versions, it says "The device does not have support".

group mapping lost suddenly

Seems like a bug any one faced in 7.0.9. We have several firewall and 2 time it happened group mapping lost suddenly and we have manaually refresh to get it it back.

change webcertificate

Hi,

Testing with Rome release I notice we need to have trusted CA on the Minemeld webserver. You can't use the Minemeld default certificate to import on the PA firewall.

So I had to manually change certificate in the NGINX. 

Maybe this could be inc

what if minemeld feed is not working

What happens if if whitelist some IP and then MineMeld is shutdown ? Will source or destination in the rule be replaced by 'any' ?

Policy Rules order

Hi there,

if we are going to the tab "Policy" we will see 7 different sub tabs. The tabs are:

Security

NAT

QoS

PBF

App Override

Captive Portal

DoS Protection

So I know for example that Security rules are always checked before NAT rules but whats about the

Palo alto networks Problem Session out

Hello ,

I have a problem with my firewall PA-200. When I try to open the GUI , I found an error message with a session out . You can find in the attachement this error message .

I read that may be this problem can be related to the disk space. I do a