Problem with IPSec tunnel monitor

Hello,

We have an issue with one IPSec site-to-site tunnel. The PAN usually doesn't recognize when a tunnel is down. We can correct this by setting up monitors on all tunnels with a "wait-recover" action after 3 subsequent failures. This works for all

Panorama commit devices with different results

Hi,

We have a device group in Panorama with 4 devices members. When we've committed changes sometimes devices had the result "Commit succeeded with warnings", because we have some dependence warnings, but one of them has the result Commit Succeeded".

Captive Portal authentication as a replacement for Checkpoint Client Auth

Hello,

We're in the process of replacing a number of checkpoint firewalls with Palo Altos and we're looking at ways in which we can replace the current Client-Auth setup on Checkpoint where you telnet to the firewall directly, authenticate, and it the

session browser source=0.0.0.0?

seeing a lot of sessions in the session-browser with a source ip of 0.0.0.0 (in the internal "trust" zone) - these tend to be UDP protocols, RTP, bittorrent, skype etc and the session browser shows them not matching any rule or having any bytes.  Are

Test commnad on the nat policies

Hello,

I did an upgrade from a 500 model to a 3020 model. All the configurations work just fine. The problem that I see is that I cannot test the nat-policy rules. I have the following configuration:

..

snat-all-LANs {

        from inside;

        source

Original MAC Address of each interface on device

I have two Palo Alto devices and running HA.

When i run command on Active and passive device:

> show interface hardware

It only show the same MAC Address value of all interface.

I want to know original (physical) MAC Address of each interface on each d

What does not get uploaded in Config that needs changed via CLI?

We have a PA-500 that has a bad hard drive in it. We copied the config from the bad device and transferred it to the new RMA device they have sent us. on the GUI all the settings have transferred over just fine and nothing looks different. But when t

Protecting private clouds

We are in the process of testing the deployment of Internet-facing services into Azure, such that they are accessible from the public Internet via Azure but have a VPN connection back into our environment. Obviously in this scenario we must rely on M

Reputation score based policy? / URL-Filter w/o Threat Prevention

Question1:

We're in the middle of evaluating the PAN firewall 5050, and are generally impressed w/ what it can do, in terms of blocking & reporting, etc.

One feature we're looking for, but seems to be lacking is the ability to permit / block end users'

Generate Monthly Reports in Panaroma

Hi All,

I would like to know the process to create a monthly PDF summary report via Panorama. I can only create a days report. Anybody know of a way?

Rgds,

TJ

Google-calendar-base from iOS devices

Hi,

I applied an SSL decrypt profile and with no blocking configuration if decryption would fail. Now I notice that on iPad with IOS7.0.x the calendar from google is not working.

It appears in the traffic log as decrypted and the application is seen on