Log forwarding profile for Correlated Events?

Hello all,

It appears that we have had at least a single correlated event in the past seven days, but did not recieve any alert related (via any configured log forwarding profile).

It appears the each match that was correlated did perform a log actio

Changing HA from Active/Active to Active/Passive

I would like to know if anyone has changed HA from AA to AP and has configured floating IP in AA mode. How was the solution to bring it to the AP?

Thanks a lot.

PAN 10.2 (PA850) high memory usage normal?

I've just started upgrading our firewalls from 9.1.16 to 10.2.7 and noticed the first (and so far only) firewall pair upgraded caused an enormous jump in memory consumption.  Is it normal for version 10.2.7 on a PA850 to consume 68-70% of memory?  Th

GlobalProtect: Port 4501 UDP

Hi all,

I understand that GlobalProtect uses TCP 443 and UDP 4501... But what is there any more information available about GlobalProtects usage of port 4501?  All I could find is the following:

• TCP/443 for the SSL communication
• UDP/4501 for tunne

Unable to download new firmware for Lab PA-220

Hello,

We are using a PA-220 on version 9.0, its unlicensed, had a real issue getting a new license because the PA-220 was previously purchased off Ebay so we use it now for basic configs now.

How do i get the newest firmware for this? I went u

OID of throughput value of each interface

I've seen several posts that asking the same question, but none of them have provided substantial suggestion. Many replies just suggest to use existing templates of Cacti or Zabbix. What if I'm not using those 2 monitoring tools?

PA has published an O

SNMP OID for session throughput

Hello

does anyone know if there is an OID for the session throughput (show session info > throughput)?
I would like to monitor that on my firewalls without offloading to get an idea of their load with respect to the max throughput from the tech specs

SQL and Terminal Services agent

Hi all,

I'm seeing some odd behaviour with apps that use SQL where the app is on a terminal server. The terminal server has an app installed and works perfectly when the PAN TS agent is not running. When the agent is started, the application throws up

SSH traffic on one policy appears to be denied by a policy that is currently disabled. How is that even possible?

I created a policy (number 21) that allows several types of traffic outbound (ssh, https, tcp 8989, tcp 61000 - 65535, and UDP 1024-65535).  All traffic seems to be passing except SSH, which is being blocked by policy number 25, which is supposed to

How to download Panorama vm file

Hello.

I want to download Panorama Base image. I go to support.paloaltonetworks.com->Updates->Software Updates but there are no Panorama Base Images. Why can't I find it at this address? Please help me. How do I download Panorama's legal .ova file

TCP SYN with data attack block by the firewall but increase the latency of data traffic

Hi Support,

We recently notice have latency in our network , when we investigate found a lot threat logs from TCP SYN with data has been block by firewall as we have DDOS protection.

My question is below:

1. does this attack affect the performanc

SNMP LinkStatus can't seen

Hi all,

 I have the Zabbix server ver 6.4.3, I'm import the template palo_alto_firewall in this link: https://www.zabbix.com/integrations/palo_alto_networks

 It shows somethings, but the Linkstatus with OID: 1.3.6.1.2.1.2.2.1.8. and the traffic out a

Palo Alto Decryption "Out of firewall resources: memory"

Hello, 

Wondering if anyone has encountered the error on the subject line under Decryption logs? We seem to be experiencing an "outage" with outbound traffic (Web pages don't load, slow internet, etc) here are some recent changes:

• We migrate over

Source User missing users unless DC is rebooted--User Mapping

Hi all,

I am having an issue that users are no longer communicating their IP and converting them into agent-ID's so they no longer get the correct web-filter rules. Currently nothing is now showing up in the "Source user" column but If the Domain C