How to Allow an App But Block a "Depends On?"

From what I understand, you need to explicitly allow "depends on" apps for a given app to work,

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Check-if-an-Application-Needs-Explicitly-Allowed/ta-p/61893

However, what if I want to

Aggregate Ethernet Trunked Traffic in a VWire

Hi Team, 

I was wondering if the below is acheivable. I plan to deploy vwires for this setup. Upstream switch's are Cisco switch's and same with downstream. (downstream switch's are stacked switch's - so logically one switch) The red is indicating

Issues with SSL Inspection

Hi,

I am having this weird issue where an application breaks because of SSL inspection. I have made an exclusion  based on the certificate:

ssl-exclude-cert [ login.salesforce.com *.salesforce.com ];

However, the firewall still decrypts the traffic, a

PBF e-mail notification

Hello,

Does anyone know if there's a way to have a notification e-mail sent when PBF kicks in?  We had a hiccup on our Internet circuit and PBF worked flawlessy... so well though that I wasn't really aware of the circuit issue until the next day when

PAN-OS 7.0.3 is out, Please share your experience

Hi All,

PAN-OS  7.0.3 is out, Please share your experience.

Did some smoke tests and its looks ok,

Several SSL decryption bugs who where reallly bugging me are fixed.

PA 500 stop sending reports automatically by email

Hello,

After upgrading two cluster of PA500 to 7.0.1, customized reports cannot be sent automatically using email.

Using the 'Test send email' is working so it's not an issue with the config. The device stop sending the reports after 18 days...

Regard

VLAN with Palo Alto Networks PA-500

Hello,

We need to set up a VLANS in the office with the PA-500 but we don't like to change our address. It's possible to configure a VLANs with MAC address or protocole with PA-500?

Thanks 

Custom Vulnerability Signature. Is this limitation correct or is a fail?

Hello

I've been trying to create a custom vulnerability and I have encountered this limitation:

Currently in Threat Database Vault 529 version there are 50 signatures for PHP.

 I'm trying to add all PHP signatures and this message appears when it excee

Is it possible to configure dynamic load balancing using Routing protocols for below shown topology?

Hi All,

Is it possible to configure dynamic load balancing using Routing protocols which are supported by PaloAlto?

Requirement :  We have total 16 MB line ( 8 MB from Aircel ISP and 8 MB rom TATA ISP ). We are looking to balance the load on both isp

IPSec VPN issue

Hi All,

We have configured IPSec VPN between PAN and AWS. 

When i iniate the tunnel, IPSec and IKE SA installed successfully as a initiator.

then, IKE protocol IPSec SA delete message sent to peer. SPI:0x...

After a second, IPSec key deleted. Del

HA Upgrade

I found this link on the knowledge base

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Upgrade-a-High-Availability-HA-Pair/ta-p/57081

Has anyone used this method or any other method that they would like to share. I am currently at 6.

How to trigger a message when a particular DENY rule was hit?

Hello,

is it possible to trigger a message (whatever), when user hit a deny rule?

Roman