Upgrade firewall version 6.1.1

Anybody already updated the firewall version for 6.1.1 ? What´s the step by step for the update ? Did you find any problem ?

tks

more than one mirror decryption interface

is it possible to forward decrypted traffic using more than one interface  ?

what will happen when we choose 2 eth for decrypt mirror with 2 decryption profile ?

PANOS Release 6.1.3 Required to login twice to get access

Hello,

I've a cluster of PA500 running 6.1.3.

When I try to login to the system (with the GUI), the login always fails and I'm redirected back to the login page.

After login again, it works fine...

Any idea ?

Regards,

HA

Interal Architecture of the fpga / asic for pa hardware models

Hi,

I've been searching for documentation on the internal architecture for pa5000 series (pa5050 to be precise). I've not been able to find it however. I'm especially interested in how the fysical interfaces are connected what the throughput of the di

SSL Inbound decryption and nginx webserver

Hello,

I try to configure nginx 1.6.2 (on linux ubuntu server 14.04 LTS) with fully support SSL Inbound decryption.

We're running PAN-OS 6.0.9.

Based on the document Inbound SSL Decryption Not Working Due to Unsupported Cipher Suites, I configure this o

GP gateway drops to SSL and client gets disconnected..?

Hi all -- I just noticed an odd behavior affecting all GP clients (running on PA200, PANOS 6.0.3, GP Client 2.0.3), but I haven't changed anything recently.

In looking at the System log, I see users connecting successfully ('portal user auth succ', 'p

GRE- plans to support on PAN

Hi,

Are you going to support GRE on PaloAlto in the near future?

Thanks,

Pawel

Floating IP and ARP load sharing addresses binding in A/A

Hello All,

I'm curious about spending public IP pool given by my ISP, if I decide to put PAN-s in front edge perimeter. I have seen that in A/A scenario I need 4 IP's (physical and virtual) for Floating IP scenario, or 3 for ARP load sharing (2 physic

Aggregate logs on PA-7050 across NPCs?

Hi,

I'm trying to aggregate logs across all dps in the system – right now only 2x NPC.

Using the procedure here: https://live.paloaltonetworks.com/docs/DOC-3876, the firewall says "packet-diag.log is aggregated” but where is it? Does that aggregated lo

Aruba ClearPass and User-ID

We use 802.1X on our network for user authentication and assigning VLANs dynamically. Our edge switches (Brocade) and Aruba Controller are configured to use Aruba ClearPass to authenticate each user. ClearPass uses LDAP (freeIPA) to look up users. Cl

SHA256 forward decryption on Palo Alto Networks Firewall PanOS 5.0.15

I have a private subordinate CA signed using sha256.  This is my forward decryption certificate.  The trust anchor is also sha256.

With forward decryption enabled on my PanOS5.0.15 device, the certificates generated by the firewall are signed using sh

Panorama and Active/Active Setup

I'm setting up two 7050's in an active/active configuration. What is the best method to handle this with Panorama? Right now I only have one of them in there and it seems like only one of the nodes is getting my config changes even though I have conf