General Topics

LACP in HA issue

I have a pair of PAN 5060 (v.7.1.2) firewalls  in HA Passive/Active connected with LACP to pair of core Nexus 9000 switches. From time to time (every hour or few) connectivity to active firewall is faling (can't ping firewall LACP L3 interface ip add

Updates to firewalls from Panorama show failed, but seem to install properly

When I try to push updates to our firewalls from Panorama, it reports that the job failed, but the jobs seem to complete anyway.  This happens when pushing dynamic updates, and I had it happen again to a software upgrade on a PA-200 last night.  When

How does ACC work?

Hello,

I tried to find a technote to explain how does ACC work,  please help me to understand,

1. Where does ACC collect the data from? 

2.  Is traffic logging (log at session end) required for ACC to work?

3.  Is ACC real time (with 15 minute delay)?

FQDN address objects not resolving

Hi guys,

I've seen a few bugs in the past regarding FQDNs not resolving. Since an upgrade to 7.1.2 the DNS addresses aren't resolving properly and thus aren't hitting the correct policy I have the address objects on.

 This issue resolves itself when

Content 596 Update - Seeking more details on customer reported problems

Can anyone provide details on some of the problems that were experienced after applying content update 596?

We spent all night troubleshooting a problem where our PA3020 was impacting TCP\9100 traffic. The problem started soon after the update. We wou

File Blocking Cant recognize .txt files

Hello to all,

I am trying to find a way for Palo Alto to recognize some how *.txt files so I can be alert when it pass my Firewall.

Any ideas how I can make this happen?

I have search on the extension list but the .txt is not included some where.

Tha

Panorama 7.1.2 > template validation error -> TEMPLATE1 is missing 'settings'

Even trying to do it via CLI it does the same. Originally it didn't even show that vsys1 was an available vsys after the settings default-vsys command until I tried to enter it once (which it didn't complain about). Compare to running config does not

Agg Interface Subinterfaces over multiple vsys

Hi,

I am working on multi-vsys (4) design with PA-7050 chassis. I would like to know if I can use aggregate interface over multiple vsys. I am thinking of using aggregate interface so that i can get link redundancy. The agg interface will have multip

VPN users getting "password expires in 0 days" after upgrading to 7.0

Hi all,

Today I upgraded our PA-500 from 6.1.4 to 7.0.0.

After the reboot, when I log in with the GlobalProtect client, I receive the following message in red in the warnings/errors section:

"Password expires in 0 days."

We authenticate our VPN users to

Custom System Event ID Severity

I would like to set the severity of the vpn tunnel-status-up event to critical so that it triggers an email without having to get emails for all informational notifications. Does anyone know if this is a possibilty as it currently sits?