Paloalto don t send log correctly to logstash

Hi evrey one,
I'am new to Paloalto and I have a problem with the threath log. I am currently using ELK stack to store and visualize all log from paloalto. 
When I send the traffic log to logstash there is no problem (there are all field explained in th

Global protect not working

Hi Team,

We have faced our GP not working 26/07/2021 around 09:15 pm.

After the firewall restarts its started to work. When I analyzing TSF I got the ssl vpn below error.

"The PID for this process changed indicating it was restarted"

2021-07-26 21:17

New 5220 non-functional state

New HA 5220 active-active and non-functional status.

HA-1 and HA-2 cable attached

Set up box boxes direct mode and then created templates via Panorama

Panorama doesn't display to parameters defined in direct config status

How to ensure configs are dumped

Default MTU of 1496B in interfaces of VM platforms?

Dear community!

We have couple of VMs deployed in MS hyper-v and I realized that all interfaces have a MTU of 1496 bytes even though no value was configured. Checked this with "show interface XXXX" command

Shouldn´t the interfaces have MTU of 1500 by

Simple policy not working?

Outbound communication to the following IP addresses must be allowed:
- 64.58.49.24
- 64.58.49.25
- 64.58.49.26
- 64.58.49.28
- 64.58.51.56
- 64.58.51.57
- 64.58.51.58

text router will attempt to communicate with the above IP addresses over the following pr

Address Objects that evaluate to old data

After changing an address object and committing, the object evaluates to the old value.

DHCP Relay

I have a strange intermittent problem with DHCP relay.  I have it setup on all our firewalls, PA-220, and they relay to servers in the data center (Windows 2016).  At some point the relay stops sending offers.  I can see the discovery packet and no o

PA will not update malware signature from sample malware files (http://wildfire.paloaltonetworks.com/publicapi/test/apk)

 the customer want to test  pa wilfire  feature .

my test step:

1: from http://wildfire.paloaltonetworks.com/publicapi/test/apk, download the sample malware.the traffice throught the pa

2: when we can find the  wildire log from firewall  and theck the l

Security Policy Rule application and service configuration

 Hi All,

I have an issue where, Panorama had some security policy rules that had the below configuration on them:

1. “Any” is listed in combination with specific ports under services in a given rule
2. “application-default” is listed in combination with spe

MS Update application being recognized as ssl

Hi Experts

I'm looking for an assistance where ms-update is being recognized as ssl and getting denied. We've allowed the web-browsing and ssl to allow the dependency applications as well on the same rule. Port is being identified as TCP/8531 but the

Palo Alto SSH Vulnerabilities

Hi Team,

We are finding the below vulnerabilities being detected on Palo Alto Management SSH service :

CVE-2007-2768

CVE-2004-1653

CVE-2007-2243

CVE-2016-2183

Kindly help us in resolving the above said vulnerabilities.  Devices are running with the OS

DropBox - Most of traffic showing up as just web-browsing app-id?

Anyone else seeing an issue where DropBox traffic is mostly being identified as web-browsing? I had an existing rule that was permitting dropbox-base and dropbox-downloading and it recently stopped working. I see all my traffic being decrypted fine.

OSPF passive interfaces question

What is best practice to advertise connected networks on a single VR where you have OSPF running and neighboring on an Internal Firewall  interface to router, and want to advertise multiple segmented/firewalled networks directly attached the same fir