General Topics

How we can monitor/detect that particular FW stopped sending traffic logs to LogCOllector

Hi Community

I'm looking for the possibility to be notified (trap/snmp/Panorama event) in the situation that a particular FW which is assigned to LogCollector for some reason stopped sending traffic to it. Let's assume that if there is a 1h gap I wan

Need expire schedule security Policy logs over mail alert

 How we can get expired schedule security Policy logs on mail alert....

VPN Drops after 1 minute with the error ike-nego-p2-proxy-id-bad

Hi, I am new to the palo and have run into this problem that I can't figure out. We have a VPN between the Palo and a Meraki. It's usually on permantly but recently it has been having drop outs, sometimes for days. I have realised that if I disable t

Palo Alto Routing course

Howdy everyone,

I have taught the foundations course...that was pre-covid.

Now I am tasked with teaching routing.

Which Palo-Alto class would the community recommend from your experiences that I teach?

Thanks,

JB

DIP NAT on inter vsys traffic

Hello,

I have a FW that has many nat rules.

And I found a bug, pan-130550:

Critical System Log Msg

Hi All,

Have you guys seen the below critical msg in the system log?

Backtrace execution for the restarted process stopped due to an error accessing memory. Possible memory corruption?

P.S: this is the passive firewall when the active FW went down.

Tags not applying but can see them inside the security policy

running 10.0.2. superuser can create the tag, apply it.

but the tag is not visible in security policy "tag" column.

can open the security policy and "see" the tag.

User is superuser, dynamic.

ConnectWise Control connection getting reset

Latest spyware signatures appear to be blocking legitimate connections to ConnectWise control. The 5/2 AppThreat-8564-7375 update categorizes the connection/file (GetSessionDetails) as threat Generic PHP Webshell File Detection.

Produces "unknown erro

WAN Interface IP change - after Wildix phones still work, Yealink phones don't!

Hi all,  looking for advice following what is in my opinion  very  unusual behavior. 

Where I work for, we have a PA220 running Firmware version 9.0.3  that is used  as the firewall for VoIP traffic for physical desk phones. We have two brands of IP

DLP product that will integrate with PA decryption broker?

All the DLP products I have researched require ICAP capability which the PA doesn't support.  Does anyone know of a DLP product (network appliance or VM not client based) that will actually work with the decryption broker solution?

Please don't sugge

Bypass Telegram App traffic for ssl decryption

Hi,

Is there any way to bypass the Telegram app traffic for SSLdecrypt? any idea?

Traffic Logs show 2 different source users from same IP

We are using User Identification and have the user-id agent running on 2 different AD servers.  Also using global protect.  When looking at traffic logs I can filter on my GlobalProtect VPN IP, I can see the source user of my user account, and a sour

If untrust interface fails on firewall, Then on other leg trust interface should go down....

Team,

Any idea on belows, Pls share.

How to make firewall trust interface down if untrust fails on Active/Active setup in PA firewalls.

Don't want to manually make it down. Facing challenges in Azure VM Active/Active firewall.