Warning: running 6.0.4 policies with multiple tags

Version 6.0.4

Tested in 3000, and 5000 series

Tags disappear, if edit any objects using webui clicking on rule name while multiple tags in security policies.

Bug# 67259

Encrypted Traffic over the Palo Alto

We have site to site VPN (both side PA) in our network, I want to send some encrypted traffic over the tunnel , How the palo alto will decide the encrypted traffic not to be scanned (threats) and filtering rule also not applied for the those traffic.

Fan RPM defaults for a 3020

I recently purchased a PA-3020 and just fired it up for the first time.  The first thing I have noticed is how loud this device is.  It is almost deafening and can be heard in the hallways behind a door in my server room.  Is this typical behavior? 

Dual ISP

My main PA is configured for dual ISP's and I am going to put third party certs for my global protect clients. Do I put two certs on? One for each ISP?

Use VM-100 With Could Provider - MAC Issues

We are trying to set up a VM-100 as the entry point to a virtual data center. We have run into an issue with the MAC addresses on the VM device not matching the MAC addresses on the Palo interfaces. We appear to be stuck at this point. Apparently it

API test url category

I want to use the API to query URL (Brightcloud) categorisation.  This is the command in the CLI:

pan1(active)> test url theguardian.com

theguardian.com news-and-media (Base db)

running the same check via the API browser:

https://x.x.x.x/api/?REST_API_TO

User IP-user-mapping incorrect

(PA3000 series FW running 6.0.2) Getting users being blocked by the captive portal from a local service account running on their machine.. only way around it is to disable the service and/or account and then flush the user to ip mapping cache.  Any w

VRFs on a Palo Alto - can it displace a Cisco ASR router?

Hello, we recently purchased a pair of PA-3020s to run HA with and replace a pair of ASA's.  Think we've mostly got them configured to replace the ASAs with the assistance of the reseller's engineer and so far, so good - everything is working great.

H

Is it possible to load config from a firewall up to Panorama?

Hello,

The last 4 months of config changes seem to have fallen off our Panorama server but the firewalls it manages are still up to date.

Is it possible to gather the config from them and push it to Panorama?

Thanks in advance for any help.

Commit times

I'd like to hear some feedback from users on the 3050 hardware. We currently use the 2020's and commit times are between 30-60 minutes. We've been using this platform for several years and been through tech support dozens of times on this issue. I un