GlobalProtect Data File

I can't get the GlobalProtect Data File to download. I have it scheduled to update hourly for a couple of days already but nothing. If i click 'check now' I don't get any version to download. I didn't find anywhere to download it manually.

Dynamic

Bulk upload of set commands in PAN-OS

Hello All,
I'm working on a migration that requires me to breakout one large SRX config into a PAN-OS config while implimenting multiple VSYS instances.  I am managing the configuration via Panorama, so I've got a base config out of the migration tool

Is there a PAN OS CLI command to do the keygen for the API calls ?

I have used the XML API command to generate keys using the keygen option

but I am searching for the PAN OS CLI command to do the same.

Thanks for your help

PA-500 Url Filtering

Hello,

i have another problem with policies...

I used AD to filter people which can access the appropriate site. 

And I have rule in order:

1. Allow facebook (when I give access to whole facebook application)

2. Allow Youtube (when I use url filt

configuration of the NAT rules to DMZ zone

Hello, 

In our office we have two servers in a DMZ zone (10.10.10.3 and 10.10.10.4). In the PA-500 I created a DMZ zone that's related to a vlan in the switch . This switch i related to the serves (10.10.10.3 and 10.10.10.4). 

The servers are in DMZ

User Activity Report - Username not available for report

Hi All,
 
This is my first time posting, so if I am doing it wrong, please let me know. I have attempted to find relevant documentation, but nothing I have found actually seems to describe my issue.
 
I had a request for an activity report for a user to

Signature Questoin - New Malware Affecting Cisco Devices - SYNful Knock

Please review the following white paper produced by Mandiant. 
This also has SNORT rules attached.

https://www2.fireeye.com/rs/848-DID-242/images/rpt-synful-knock.pdf


Question: Has Palo Alto produced a signature update for their IPS/Firewall devices to

Wildfire Alerts

Has anyone else noted a materical change in 'dubious' Wildfire alerts in the last 24 hours?

We have seen a material shift - as if a new detection engine/function has been enabled (and may possibly be a bit too sensitive).

Download Managers

Haveing alot of problems with Download Managers.

We use continue/forward on alot of downloads including exe's but the problem we are running into is when someone downloads an installer that in turn tries to pull down other files from offline, They

DNS big text threat seems to bypass security rule

I have a strange circumstance here, I think. I've received several threats in my threat log for "DNS Answer Big TXT Record Response Anomaly" Threat ID 31580 (not sure if that's relevant or not, it just seems an odd similarity)

So yesterday I had a

URL filtering thinks domain.com is not a subset of *.domain.com

I think domain.com should be considered subset of *.domain.com. There are lots of web pages presenting the content in both with and without www prefix. Putting 2 different filter for the same domain is just stupid.

Is there any workaroud?

PA Trunks ?

I want set up two interfaces from PA as shown below. Traffic via Link will get to SW1 and on to S1, the same for the other link. The two are separated for security reasons.

The issue is that, say SW1 fails we will need to re-wire SW2 to allow conti