Dynamic Address Group (DAG) PAN-OS / DAGPusher prototype

Hi guys,

I'm trying to use the the DAGPusher prototype but, unhappily, I'm dealing with some problems. May be some of you could help me with it.

My scenario:

I use a generic miner to extract IPv4 (/32) from a specific location (that is working). The

How work App-id when trafic is not inspected

Good morning all,
I have a question regarding the relationship between Appid and Ssl Decryption. How can the Fw recognize an application when the traffic is not inspected?
Example user request https://www.youtube.com/watch?v=2zB2jiCxxuQ. What is the Fw

IPSec SA rekey failure

Hello,

I am not an expert on IPSec and its terminology, so I apologize if I write something inaccurate, but I try to do my best. I have an IPSec s2s tunnel between Palo Alto PA-220 and Mikrotik RB4011. The RB4011 is behind NAT so it initiates the conn

Traffic logs not shown the recent logs for particular source IP

Hi Guys

One of our customer facing issue that unable to see recent traffic logs for particular source and destination in gui. But we could see the live session on cli by the command "show session all filter source 192.168.x.X destination 172.17.X.X".

Issue with traffic on specific proxy id

We have VPN between Palo Alto and Cisco FMC/FTD.

There is user and server traffic on VPN. VPN status is stable. I don't have any user complaining about disconnection.

But I am seeing disconnection on specific proxyid. All of sudden I am getting ICMP re

Next Hop in default route using DHCP Comcast modem

Hello Group,

I am setting up a PA-200 in my SOHO with comcast as my ISP.  I have comcast for my isp and am using DHCP to optain my IP address.  My question is this.  Per the setup guide, if I check DHCP under the IPV4 tab, and check, Automatically cr

SD-WAN OSPF

Hello Team,

I just wanted to know that does PA SD-WAN supports OSPF ??

Or it only supports BGP.

My use case is as below  Branch and a Hub to SDWAN

I have Internet links and Orange MPLS links and I have OSPF on OBS router and on the firewall 

After confi

URL Block / Continue on SSL - doesn't continue, page just refreshes.

I have a "continue" policy set on newly registered domains category.  If I visit a site with https I see the continue page but upon clicking continue the block page just refreshes (the guid in the address bar changes).  

If I visit the site without S

Apps/Threat out of Sync on Passive Panorama.

On one set of panoramas I noticed that the Apps/Threats are out of sync. The passive device downloaded, but did not install the update like the active device did.

The active device is set to sync with peer during the scheduled update.

The trouble is t

AE interface showing higher bandwidth than physical interface

The physical link in the firewall shows lower bandwidth as compared to the aggregate link on the same. Referred the SNMP logs which capture the same, please refer to the screenshots attached and let me know if this an expected behavior or not?

File blocking

Dears,

I am not able to block msi file via file blocking profile.

I have created a file blocking profile to block msi and different types of file extensions to block by the policy.

Then I tried to open exe file in the chrome browser which is working fin