Panorama - logs displayed for some firewalls are almost 20 hours old

Panorama 9.1.2 VM

Both firewalls running 9.1.2 and forwarding logs to Panorama.  For one firewall the logs in Panorama are current.  For the other they are over 19 hours old for the traffic logs.  There is a third firewall where Panorama shows logs m

certificate profile

Hi

I want to use/setup a certificate profile for use with an EDL.

The site - internal running minemeld. has multiple int CA.

So for the profile, do I add only the last int CA or all of them.

How does certificate profile work will it say okay if any cer

User ID to IP Mapping : limit

Dear Team,

Can i make Limit on User-ID to Map with only One IP address after configuring AD integration 

Thanks

Unable to send email alerts

Rule to allow access for group of IP addresses

New to PA.  I'm looking to create a rule to temporarily allow access to any url for a group of IP's.

Floating IP for Active-Active pair VPN

Hi All,

I'm trying to configure a Floating IP for a VPN on an Active-Active pair of 5220's. I have the Floating IP configured with the Active-Primary Device Priority 1 and Active-Secondary with Device Priority 100. The Interface IPs for both devices

Palo Alto connection Virtual wire drop User VPN anyconnect

Hi everyone,

I am facing an issue where I setup my PA-850 as a transparent mode (virtual wire) and set the policy as default to allow all the traffic. Connection of my PA-850 is in between router and core switch. I can see all the traffic is passthrou

PA NGF SMB bruteforce behavior

Hi, 

Im wondering what is the behavior of SMB bruteforce vulnerability alert from PA FW. Vulnerability id (40004) SMB brute force seems to be triggered by a child signature 31696(SMB login attempt). Question is the child triggered every time there wa

Session End reason & Application Status

I would like to know about Palo Alto firewall Session End reason, why we are getting those reasons & how we can resolve the issue.

For example:

tcp-rst-from-client—> it mean the client sent a TCP reset to the server.

tcp-rst-from-server—> it mean the s

User-ID - Active Directory Keeps Sending Domain DNS and NetBIOS DNS

Hi Community,

Having a headache of an issue lately and I believe it to be an issue on the customer environment rather than a setting configuration on the firewall, or software issue in PAN-OS e.g.

I've little experience with enterprise active directo

Bypass/Disable Policy for destination address.

I want to make a policy/rule to bypass/disable policy in case of certain destination ip addresses. There is a way?

Wildcard (* .) Based Policy

Hi All,

I have a bit confusion about Wildcard based(*.) policy on PA firewall. If we have to apply policy for *.mysitexyz.com as destination for port 443, will there be any additional configuration require to achieve this or have to follow traditiona