Failed to execute op command

We frequently face an error for fetching the group-mapping in the user-id tab. The error is normally shown up as failed to execute op command. One of the reason can be invalid credentials in the ldap configuration

Troubleshoot this error with Tail fol

Turn off Application ID globally?

Can one turn off the application awarenes globally to set up a PAN as a L4 firewall? Trying to get some comparison stats against the old L4 only (non PAN) firewall and the new PAN.

thanks.

PAN Dual ISP Failver Best Practices

I have setup dozens of PANs with multiple ISPs and failover but have some questions in regards to best practices..

1. Is PBF the only way to handle failover? If not, can the same be achieved via HA Link/path monitoring or is that specifically for devi

Unknown File Types

Hi all,

we like to block or be alert when the file types .edrw and .easm (eDrawing) are passing the PA. Currently nothing is shown in the Monitoring Data Filtering.

Any idea how to get PAN to update file types in security profiles? Can I somehow report

NAT Performance Issue

Hi All,

I recently migrated a client from a Fortinet firewall to a PANW.  Most of the Virtual IPs from the Fortinet were migrated as bidirectional Source NATs.

One specific server had issues where outside traffic would intermittently not be able to con

FILE BLOCKING NOT INSPECTING ZIP CONTENT

Hello everyone,

I'm trying to block download of CPL files (PE) using a file blocking profile. We are trying to create it in a way which assures that even zipped CPL Files will be blocked.

We created the profile but it did not work on HTTPS sites, just

Same QoS Profile Applied to Multiple Interfaces?

I have a single QoS profile applied to a pair of internal interfaces as seen in the screenshot below:

In this case, will the two internal interfaces have a single shared maximum egress number or will the full maximum egress apply to each interface sep

PAN-OS 5.0.6 SNMP

server:~ leo$ snmpget -M /usr/share/snmp/mibs -m ALL -Pu -v3 -a SHA -A xxxxxxx -l authPriv -u nagios -x AES -X xxxxxxx 10.48.1.10 `snmptranslate -On PAN-COMMON-MIB::panSessionMax`

PAN-COMMON-MIB::panSessionMax = No Such Instance currently exists at th

Teamviewer application not allowed by policy

I'm encountering a strange situation where teamviewer is not allowed by the policy in which it is defined but is instead blocked by my clean up rule.

I have all the dependencies matched but for some reason the firewall does not match on the rule where