several IKE Crypto Profiles on the same interface for SITE-to-SITE VPN

Hello dear colleagues,

according to the documentation, there is a limitation for IKE gateways:

All IKE gateways configured on the same interface or local IP address must use the same crypto
profile. (c) 

The same restriction is mentioned in the PANOS v8

Where is 'dataplane-console-output.log' in PA-820?

Hi,

Sometimes I checked 'dataplane-console-output.log' in PA device.

But I did not found out 'dataplane-console-output.log' in PA-820.

Anybody know where is the above log in PA-820?

Panorama plugin for VMware vCenter

Hello Everyone,

I would like to use custom tags from VCenter in dynamic address groups. We are using VM information sources, but this method isn´t able to fetch these tags. It seems that VMware vCenter plugin can do this thing. Is it good idea to use

Dynamic Address Group (DAG) PAN-OS / DAGPusher prototype

Hi guys,

I'm trying to use the the DAGPusher prototype but, unhappily, I'm dealing with some problems. May be some of you could help me with it.

My scenario:

I use a generic miner to extract IPv4 (/32) from a specific location (that is working). The

How work App-id when trafic is not inspected

Good morning all,
I have a question regarding the relationship between Appid and Ssl Decryption. How can the Fw recognize an application when the traffic is not inspected?
Example user request https://www.youtube.com/watch?v=2zB2jiCxxuQ. What is the Fw

IPSec SA rekey failure

Hello,

I am not an expert on IPSec and its terminology, so I apologize if I write something inaccurate, but I try to do my best. I have an IPSec s2s tunnel between Palo Alto PA-220 and Mikrotik RB4011. The RB4011 is behind NAT so it initiates the conn

Traffic logs not shown the recent logs for particular source IP

Hi Guys

One of our customer facing issue that unable to see recent traffic logs for particular source and destination in gui. But we could see the live session on cli by the command "show session all filter source 192.168.x.X destination 172.17.X.X".

Issue with traffic on specific proxy id

We have VPN between Palo Alto and Cisco FMC/FTD.

There is user and server traffic on VPN. VPN status is stable. I don't have any user complaining about disconnection.

But I am seeing disconnection on specific proxyid. All of sudden I am getting ICMP re

SD-WAN OSPF

Hello Team,

I just wanted to know that does PA SD-WAN supports OSPF ??

Or it only supports BGP.

My use case is as below  Branch and a Hub to SDWAN

I have Internet links and Orange MPLS links and I have OSPF on OBS router and on the firewall 

After confi

URL Block / Continue on SSL - doesn't continue, page just refreshes.

I have a "continue" policy set on newly registered domains category.  If I visit a site with https I see the continue page but upon clicking continue the block page just refreshes (the guid in the address bar changes).  

If I visit the site without S

Apps/Threat out of Sync on Passive Panorama.

On one set of panoramas I noticed that the Apps/Threats are out of sync. The passive device downloaded, but did not install the update like the active device did.

The active device is set to sync with peer during the scheduled update.

The trouble is t

AE interface showing higher bandwidth than physical interface

The physical link in the firewall shows lower bandwidth as compared to the aggregate link on the same. Referred the SNMP logs which capture the same, please refer to the screenshots attached and let me know if this an expected behavior or not?