redist route from bgp to OSPF is sending more than the default route

When we turned up BGP in the Palo with ExpressRoute, we started to receive 4 subnets from Microsoft.

The customer found that these subnets are being leaked into the Extreme Fabric through the OSPF adjacency to the Palo’s, where only Default route sh

Issue with GlobalProtect after Upgrade

Hello,

We're currently experiencing some issue with several clients that are trying to upgrade their client.

They're moving from 2.3 to 5.1. Sometimes, the client cannot connect at all (clicking on connect button from gp client but nothing is happenin

Question about multiple filters in a User-ID Syslog Parser

Greetings all,

I noticed that the syslog parser for User-ID allows you to enter multiple filters for each server... does anyone know how adding multiple filters of the same type (login for example) will work?  I see there is a way to move the filters

Client ip pool grayed out

Hi,

Why Client IP Pool in gateway level is grayed out ??? 

OpenSSL SSLv2 Man-in-the-Middle Vulnerability under Top threats in Daily reports

I consistently get OpenSSL SSLv2 Man-in-the-Middle Vulnerability under Top Threats in Daily Reports.

What does this mean? am I getting attacked? is it reporting a vulnerability in devices? 

At what level should I be concerned with this?

Wrong HIP match

Dear All,

issue:

I have the firewall 5220 with PAN-OS 10.0.3 and I am facing an below issue:-

As GlobalProtect 5.2.6 is released with support for OPSWAT v4 only while OPSWAT v3 is discontinued starting from 5.2.6, I tried to test it on a few machines.

Prevent OSPF routing loops - Area 0

Hello,

We have a PA5050 with a couple of VRs.  

VR1 is the main VR with interfaces into the main customer networks, internet access and a 3rd party link

VR2 is for GlobalProtect clients and a separate internet link for the GlobalProtect Portals/Gateway

GlobalProtect: Existing user session..?

Hi all..  I'm sure this will be a simple question to answer, but I can't find any explanation. In the following snip from our GlobalProtect traffic log on a PA200:

Understand App_overrride

Hi,

We did a change from another vendor to PA. We realise that backups (vmware) were transferring very slow. So we created a app_override in order to avoid L7 in this VMware traffic. After that the spped for backpus got better.

So i have several qesti

Google Earth (Pro) and SSL Decrypt

Anybody figured out a the magic combo to get Google Earth (Pro) not to warn on startup with SSL Decrypt?  Before you ask "yes" SSL decrypt is working no errors or warnings in browsers (i.e. CA's in trust store) and yes I thought about the ICA issue a

Host with sinkhole action, what to do ?

Hello Bro,

              We have subscribed to the Palo alto DNS-Security feature and we have it applied now.

after few days, I have a dynamic object now with many host has been sinkholed for contacting a malicious domains.

Many Domains contacted, what