Expedition 1.1.88 hangs during XML export due to ASA Tags/Objects

I have a repeatable issue with Expedition.

I have an ASA with 3 contexts, no matter how i import them, export refuses to pull out tags

cat /etc/tmp shows:

Notice: Undefined offset: 0 in /var/www/html/libs/common/xml/panosxml.php on line 1752

Fatal err

what is mean ---authentication cannot have more than one subconfiguration

I use two PA820s for ipsec vpn and  used certificate-Based Authentication for IKE

The 820-A version is 8.1.6 and the 820-B version is 9.1.4.
820-A configuration ike gateway no problem。
820-B will report an error when configuring ike gateway ，

authenticat

Allow Sub-URL to Specific IP

Hi All,

We've 'abc.com' as primary URL which should be accessed by all.

sub URL - 'abc.com/odata' should be allowed to access only to specific Public IP which we mention.

Please suggest how we can apply these policy in PaloAlto.

Thanks,

Sathish

Changing an appliance management IP on a Panorama managed appliance

Hello,

I have to reconfigure management IPs on PAN-OS 8.1.x firewalls, which is managed also by a Panorama 8.1.x server. My thinking re process is as follows:

Add new policy to allow Panorama to new Mgt IP on applicable firewalls and vice versa.

Recon

Device Health Status

Hi Team, 

We have few firewalls (5520,5260, 3220 and 3260) managed by Panorama. I wanted to check the health status of those firewall. I found some of them are in Deviating Devices list due to the memory / CPU consumption. For example, in some devices

How to fix this vulnerability in palo alto?

Hi,

Please help to resolve the following vulnerability

Vulnerabilities :
1. HTTP DELETE Method Enabled (http-delete-method-enabled)
2. HTTP OPTIONS Method Enabled (http-options-method-enabled)
3. TLS/SSL Server Supports The Use of Static Key Ciphers (ssl

Changing password over GlobalProtect

Hi team,

Does anybody know if there is any compatibility issue between Palo Alto and Aruba Clearpass for changing users' passwords?

When we use Microsoft NPS, GlobalProtect users will be prompted for changing their passwords when the passwords are expi

I need to block the file with it's classification content.

I am new in Palo alto I would need to block the file with it's classification data, in attached screen shot there is AdNew file and its classification on properties section is "Deepika_Classification" Label is there I need to block as per it's label.

Panorama 10.0 Issue with Risk Factor displaying as zero

Hey everyone! So one of customers recently migrated to PAN-OS 10.0. They have a couple of firewalls, a M200 as a log collector and a Panorama appliance. The ACC initially doesn't show any data, which it did with previous releases. We must switch in a

PA-VM (v8.1.10) shows ETH interfaces at 10G and need them to be 1G

Running GNS3 on VMWare Workstation setup.

I have PA-VM installed running v8.1.10 code.

Everything runs well but seeing that my interfaces are running at 10G (by default) and I can't change that.

In Network-Interfaces-Ethernet-Advanced - "Link Setting" -

change log retention days

hello all,

I'm trying to change the log retention days but i'm not sure about the below:

- Does it required a restart or rebooting?

- Does it have any impact on the firewall configuration or the services configured on it?

Your help will be really appre

HA, Active-Active or Active-Passive

Dears Expertise,

we have 2 PA-3220, and we think to configure HA between those devices,

now what is the best practices for mentioned topic   

Active-Active or Active-Passive

just i want to know what is the essential difference between them, when i need t

Feature Request: alert rule message template for ALL destination types

Allow for creation of message templates for ALL destination types, not just email.

Would like to customize SQS message and all other messages formats when sending an alert.

Business value:

Allows customers to customize and manage event messages from ale