Simple policy not working?

Outbound communication to the following IP addresses must be allowed:
- 64.58.49.24
- 64.58.49.25
- 64.58.49.26
- 64.58.49.28
- 64.58.51.56
- 64.58.51.57
- 64.58.51.58

text router will attempt to communicate with the above IP addresses over the following pr

Address Objects that evaluate to old data

After changing an address object and committing, the object evaluates to the old value.

PA will not update malware signature from sample malware files (http://wildfire.paloaltonetworks.com/publicapi/test/apk)

 the customer want to test  pa wilfire  feature .

my test step:

1: from http://wildfire.paloaltonetworks.com/publicapi/test/apk, download the sample malware.the traffice throught the pa

2: when we can find the  wildire log from firewall  and theck the l

Security Policy Rule application and service configuration

 Hi All,

I have an issue where, Panorama had some security policy rules that had the below configuration on them:

1. “Any” is listed in combination with specific ports under services in a given rule
2. “application-default” is listed in combination with spe

MS Update application being recognized as ssl

Hi Experts

I'm looking for an assistance where ms-update is being recognized as ssl and getting denied. We've allowed the web-browsing and ssl to allow the dependency applications as well on the same rule. Port is being identified as TCP/8531 but the

Palo Alto SSH Vulnerabilities

Hi Team,

We are finding the below vulnerabilities being detected on Palo Alto Management SSH service :

CVE-2007-2768

CVE-2004-1653

CVE-2007-2243

CVE-2016-2183

Kindly help us in resolving the above said vulnerabilities.  Devices are running with the OS

DropBox - Most of traffic showing up as just web-browsing app-id?

Anyone else seeing an issue where DropBox traffic is mostly being identified as web-browsing? I had an existing rule that was permitting dropbox-base and dropbox-downloading and it recently stopped working. I see all my traffic being decrypted fine.

OSPF passive interfaces question

What is best practice to advertise connected networks on a single VR where you have OSPF running and neighboring on an Internal Firewall  interface to router, and want to advertise multiple segmented/firewalled networks directly attached the same fir

SSL Decryption: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY

Hi paloalto community,

we're currently still testing ssl decryption and discovered a new error, which I can't google to find a solution.

If we're visiting the following site, we get an "ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY" error. Site: https://ww

Doubt about multiple SAs in IPSEC tunnel

Hi,  

We have a tunnel working but looking in the logs we see many installed SAs. So we think it should be a SA for line in proxy ID.

So why all these logs about "installed SA"?  Any idea?

After upgrading the PAN OS8.1.5 to 10.0.6 Management CPU showing 100

Hi Team,

After upgrading the PAN OS8.1.5 to 10.0.6 Management CPU showing 100.

Newly registered domains - how does PANDB classify them?

I'm not really sure how to title this one but here goes

A great many of the links in cryptolocker/zeuss type stuff links to domains that are brand new, yet quite a few of them seem to be in PAN-DB in categories like "Shopping" or "Business and Econom