Behaviour app override

Hi, we are having an issue using app override. 

1) We have created a custom app for Oracle (without timeout). Using these ports: tcp1521-1541.

This is the config

This is the app override policy:

This is the security policy (app any and ports

Clearing Traffic Log

Running 7.0.6 on 7050's I cleared traffic logs and lost connectivity to management sever and took about 30 min after restart of mgmt sever for traffic logs to reappear . Is this normal. Which log file has info on managemt disconnect files/reason info

system alert high opaque: websrvr: Exited

After we upgraded from 7.0.6 to 7.1.2 in one go we started receiving this error message. Does anyone know what causes this ?

We are running active/active on 3050's

domain: 1
receive_time: 2016/06/02 10:25:41
serial: 001701002580
seqno: 2017446
action

Feed of one EC2 Availability Zone

Is it possible to filter down the Amazon EC2 feed to specific availability zones (just us-east-1 or eu-west-1)?

Nested Policies Suggestion

Not really sure where to put this, but thought it might be a good idea and wanted to share it. Im still rather new to PA and so far I am enjoying it! However, I noticed after a while of creating and editing security policies it becomes quite a mess a

Two-factor PAN webconsole authentication

Hi,

I would like to use a two-factor authentication for the administrators when they access the PAN-500 web console.

With an authentication sequence I can use 2 ways to authenticate but I want to force the use of both. Is that possible?

PANOS 71.2 GLOBAL PROTECT 3.0.2 Gateway Protocol error. Check server certificate

Hello,

I'm using GP 3.0.2 on a Win7 PC (PAN OS 7.1.2).

I'm getting error 'Gateway x.y.z: Protocol error. Check server certificate.' error message.

I have already reinstalled  the client on my computer. Same error message.

My colleguea, using WIN 10

Cipher suites decryption 7.1

Hi guys,

Configuring inbound SSL inspection on 7.1, decryption does not work with the newly supported cipher suites shown in the document below.

https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Articles/PAN-OS-7-1-Supported-ciphers/ta-p/71969

On

Virtual System licensing question

Hi guys,

I have never installed a virtual system so I am wondering how licenses for the Antivirus, URL filter etc are applied, are these applied to the base firewall or do we need to get a license for each virtual firewall hosted on the virtual sys

SSL decrpytion and TeamViewer

I was wondering if TeamViewer uses certificate pinning so I tried to decrypt it. I've set a simple decrypt rule to decrypt everything from one IP going to internet. But the rule doesn't seem to work for TeamViewer. All SSL sessions are decrypted but 

How to Remove Configuration Lock

Hi,

How can we remove the configuration done on PAN by other admin, which has not been yet committed, but shows up on the configuration locks?

Best regards,

B.

No User ID in traffic logs (unless I filter soruce user afterwards) and User activity report blank

Has any one  expereinced any issue to where the ACC shows source user-id but when ser report is ran its blank? Equallu I do not se user name in Traffic logs but  when I filter by source user the name shows up. I tried restarting agent and everything

Dangers of creating a permiscuous IPSec VPN ( responder only) VPN

We have a business partner that wants to create an IPSec VPN tunnel with our PA-5050 using pre-shared keys, but they don't want to provide a Public IP address for us to peer with.  Their other clients configure the remote peer address of 0.0.0.0 basi

What Firewall Change Management software is working with a PAN ?

Hi,

Is there anyone that can tell me which Firewall Change Management ( Skybox, Tufin, Algosec,.... ) is REALLY working with a PAN ?

Most of them claim they can do it, until you test it... nothing works...

Some of them announce PAN support for next year