PANOS 7.0 SNMP logical interface counters

I tried the feature and the RX and TX counters are a way off from the physical interface (Tested on 5060 using e1/21 and e1/22 for AE1).   I opened a case with TAC,  and this is the explaination from TAC,

For hardware interfaces (ethernet1/21 and e

When will a new GlobalProtectClient GUI/UI be written?

We've been holding off replacing our Cisco Anyconnect clients as the interface of GlobalProtect is a big downgrade for us.

Any idea when/if there will be improvements made to the GP UI?

At the moment it looks like it was developed by engineers with n

Crazy policies needed for BGP and VPN

Hi,

first read this article:

https://live.paloaltonetworks.com/t5/Learning-Arti​cles/Any-Any-Deny-Security-Rule-Changes-Default-Be​...

then

 I have this exactly behavor but I don't have wrote any/any/deny rules!

In my enviroment both intrazone-defa

Vulnerability exemption

Hi

what is actually
simple-client-critical
simple-client-medium

I

I  want to change the default action from alert to block .
the rule is under simple-client-medium , but the search result shows it is under
simple-client-high

Thanks

URL White Listing

Hi all,

First of all, we are impressed about MineMeld, thanks Luigi for your ideas and work.

We have just started to play with MineMeld and wandering the format to whitelist domains and network ranges using stdlib.listURLGeneric (as wlURL)

We would l

No Email protection for SaaS

The closest way to protect a SaaS email soltuion I have found is Proofpoint which has a wildfire API hook option.

I am supprised there is no SaaS service for forwarding attechments or inline scanning of email directly from paloalto networks.

TAP interface questions

I'd like to monitor a portion of my network on my failover PA in TAP mode.

Will this affect my HA pair at all? 

Is it possible to set up an aggregate TAP of 2 ports?

thanks in advance...

any to application default

We are working on hardening our firewall rules by replacing any to application default(service) and from any to the specific application(application). Example - we changed any to web-application and any to application-default. People hitting the same

High count of packet retransmissions/Dups over IPSEC/VPN

Hi!   

I'm running IPSEC-VPN (AES256/SHA256/DH14) tunnel between a PaloAlto PA-500 and a Fortigate 110C via Internet (10MBit up/down guaranteed both sides - latency between 40 and 50ms).

90% connections are ICA/HDX connections (TCP 1494 and 2598) for X

ipv6 aggregator

Is there an ipv6 aggregator on the roadmap?

I noted that the URL aggregator can already extract them when the miners includes ipv6 IPs in the URLs (ex: office365), but did not find a way to get just the IPv6 addresses.