App statistics very different between CLI and GUI

I ran the command 'show system statistics application' on the CLI of our PA-4020 at the Internet border and see these results....

Virtual System: vsys1
application                      sessions   packets      bytes
-------------------------------- -----

PAN 500 Locked Up Today

So, today, when basically nobody was on campus the PA-500 decided to lock up.  I could not connect to it at all and it was not passing traffic through.  Looking at the logs, it appears as though it locked up at 3:02 a.m. on Monday as there was no tra

HA Active/Active,..

Hi Team,..

Attached is the scenario for HA Active/Active,..Is it possible to configure IPSec and SSL VPN in this Scenario?

The external interfaces of each PA firewall is directly connected to ISP routers and have configured defferent public IP's on bot

Shared Gateway and VSYS

Hi,

I've a basic setup with TWO vsys with separate vrouters on each vsys (Maketing and Sales ) and a shared Gateway. Some vpn Tunnels terminating on my shared gateway.

I need to implement some static NAT rules for my VPN tunnels, so far so good.

Routing

Brightcloud tagging Yahoo sites as Phishing and Fraud

Greetings!

Today I received several helpdesk calls concerning yahoo! mail not working. Logs show that the 'yming.com' site that yahoo! uses is being flagged as a 'Phishing and Fraud' site.

I know I can report it (24-48 hour fix) and can manually unbloc

Allow download of file types that show as ZIP

Hello,

I have had a few instances where I've needed to allow certain files types through the data filter.  One annoying case was native Office 2007/2010 documents that end in x.  What I did was add it to my file blocking profile with the action of ALE

4.0.9 to 4.1.6 - Issues to be aware of?

Are there any known issues to be aware of if I wanted to go from 4.0.9 to 4.1.6?

We had an issue when we went from 4.0.9 to 4.0.11 where the dataplane on our PA-500 randomly rebooted several times and support's initial suggestion was to do a factory r

Dual/HA IPsec tunnels with 2 ISPs ?

Hello,

I have 2 PaloAltos, one is running on robust and redundant Corp internet ISP, another one on a remote location with 2 public  ADSL (and miserable quality ofc !). My goal is to have a redundant IPsec link between the two PaloAltos :

How would you

Android Devices - Exchange Server - User Agent

Has anyone succesfully been able to get Android devices to successfully be recognized by the user agent via the exchange server logs?  It seems to be working fine for Iphones, but not so well for our Android devices.  Captive Portal works, but it's n

arp/mac cache limits - any plans to increase them?

Palo Alto seem to have the lowest arp/mac cache limits of any firewall I've ever come across.

Are there any plans to increase the limits please?

Negative lookahead regular expression not working

Hi

Bit of an advanced regex feature, but I would like to set up a custom vulnerability signature to detect browsers (user-agent) that are not Internet Explorer. True, one could detect Firefox specifically, but there are so many different browsers in t

SSL decryption and Http redirection

Hi,

I am testing SSL decryption and it seems to work fine  except when Http redirection is involved. E.g. when you try to connect to Https://gmail.com , google redirects you to https://www.google.com and it gives me a certificate error because of the

SLOW INTERNET

Hi GUys ,

I`m deploying a PAN.

Everything is OK , COnfiguration , URL Alerts , AV , AS everything on ALERT MODE.

But my problem , after COnfigure a L3 INterface to receive IP via dhcp client from my ISP router , my connection with internet becomes very