Issues with SSL Inspection

Hi,

I am having this weird issue where an application breaks because of SSL inspection. I have made an exclusion  based on the certificate:

ssl-exclude-cert [ login.salesforce.com *.salesforce.com ];

However, the firewall still decrypts the traffic, a

PBF e-mail notification

Hello,

Does anyone know if there's a way to have a notification e-mail sent when PBF kicks in?  We had a hiccup on our Internet circuit and PBF worked flawlessy... so well though that I wasn't really aware of the circuit issue until the next day when

PAN-OS 7.0.3 is out, Please share your experience

Hi All,

PAN-OS  7.0.3 is out, Please share your experience.

Did some smoke tests and its looks ok,

Several SSL decryption bugs who where reallly bugging me are fixed.

PA 500 stop sending reports automatically by email

Hello,

After upgrading two cluster of PA500 to 7.0.1, customized reports cannot be sent automatically using email.

Using the 'Test send email' is working so it's not an issue with the config. The device stop sending the reports after 18 days...

Regard

VLAN with Palo Alto Networks PA-500

Hello,

We need to set up a VLANS in the office with the PA-500 but we don't like to change our address. It's possible to configure a VLANs with MAC address or protocole with PA-500?

Thanks 

Custom Vulnerability Signature. Is this limitation correct or is a fail?

Hello

I've been trying to create a custom vulnerability and I have encountered this limitation:

Currently in Threat Database Vault 529 version there are 50 signatures for PHP.

 I'm trying to add all PHP signatures and this message appears when it excee

Is it possible to configure dynamic load balancing using Routing protocols for below shown topology?

Hi All,

Is it possible to configure dynamic load balancing using Routing protocols which are supported by PaloAlto?

Requirement :  We have total 16 MB line ( 8 MB from Aircel ISP and 8 MB rom TATA ISP ). We are looking to balance the load on both isp

IPSec VPN issue

Hi All,

We have configured IPSec VPN between PAN and AWS. 

When i iniate the tunnel, IPSec and IKE SA installed successfully as a initiator.

then, IKE protocol IPSec SA delete message sent to peer. SPI:0x...

After a second, IPSec key deleted. Del

HA Upgrade

I found this link on the knowledge base

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Upgrade-a-High-Availability-HA-Pair/ta-p/57081

Has anyone used this method or any other method that they would like to share. I am currently at 6.

How to trigger a message when a particular DENY rule was hit?

Hello,

is it possible to trigger a message (whatever), when user hit a deny rule?

Roman

Getting .merged-running-config.xml from a version 7.0.2 firewall?

After upgrading a Panorama-managed firewall from 6.1.x to 7.0.2, a generated techsupport file no longer contains the .merged-running-config.xml as described in doc-7904.   I need to obtain the merged configuration from a firewall managed by Panorama,