Understand App_overrride

Hi,

We did a change from another vendor to PA. We realise that backups (vmware) were transferring very slow. So we created a app_override in order to avoid L7 in this VMware traffic. After that the spped for backpus got better.

So i have several qesti

Google Earth (Pro) and SSL Decrypt

Anybody figured out a the magic combo to get Google Earth (Pro) not to warn on startup with SSL Decrypt?  Before you ask "yes" SSL decrypt is working no errors or warnings in browsers (i.e. CA's in trust store) and yes I thought about the ICA issue a

Host with sinkhole action, what to do ?

Hello Bro,

              We have subscribed to the Palo alto DNS-Security feature and we have it applied now.

after few days, I have a dynamic object now with many host has been sinkholed for contacting a malicious domains.

Many Domains contacted, what

Decrypt-error with Inbound Decryption DHE or ECDHE on 8.1.3

Greetings all,

I feel like I'm probably missing something simple here, but I'm running into a decrypt-error issue on 8.1.3 in regards to a server that is negotiating DHE or ECDHE ciphers with the client.  On Chrome I get:

ERR_SSL_VERSION_OR_CIPHER_MI

LED's on startup

Recently migrate to a pair of 3200 series firewalls. Everything was fine and dandy until we powered them down to migrate to the correct rack. Once we powered them up, one came up fine, but the other has a green power light and nothing else. the fans

Error when I try to add the SAML Identiti Provider for Okta

Upload SAML IdP Failed. No IDPSSODescriptor node found. Any ideas?  Here's the file I'm trying to import

<md:EntityDescriptor entityID="http://www.okta.com/exk.....">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn

Firewall is sending traffic when becoming passive for a few minutes

Hello friends,

I am experimenting a strange behaviour.

When performing a manual failover with the command: request high-avaliability state suspend, the firewall that become passive continues sending traffic to the BGP peers for about 3 minutes (ICMP

firewall configuration

Captive Portal with custom images

Hello everyone,

I'm trying to implement the custom Captive Portal Response Page with custom images in it. 

Is there a way to upload my own images to the Palo Alto to use them in the Captive Portal? I did found the info about using the custom images fro

Integration of Palo alto to panaroma

Hello All,

I have two palo alto in high availiabilty running as Active-Passive mode. Basically i have to add these firewalls now in Panaroma which i will configure in High avalibility. 

Need to know what are the precautions i have to do to add these f

PA and VPC

Hi,

Hi, 

Please advise on the above design . Is there any pros and cons ?

Thanks

Routes between VPN tunnels

Currently on the Palo Alto firewall, there are 4 IPSEC VPN Tunnels.

The issue is the following, a sub network of a Tunnel, tunnel that we will call TUNEL-A01, must be able to reach a destination that its destination is in another tunnel, we will call