Skip decryption for a certificate chain

Since all public CA's are not supported for decryption. How can we skip the decryption rule for those not supported so we have less tickets and lesser bad reputation. We can't have the list of all the websites from these unsupported CA's. 

Degraded services after introducing Vwire + link aggregation deployment

New guy, trying to deploy a new Palo Alto 3260 to my internet edge for extra protection - 

When I bring my Palo Alto 3260 inline at my internet edge, I start to experience severe packet loss almost immediately. It affects VDI View sessions and our Ci

GP assignments to DNS servers

Hello!

Does anyone knows if it's possible that the information of IP assignment/deletion for Global Protect users could be updated to Windows DNS servers?

Thanks a lot

Usermapping updates ti be send to DNS windows

Hi,

We would like to have the IP assignment / deletion UserId information done by in PA Global Protect clients to be updated in our internal DNSs (Windows). Is that possible?

BGP related query...

We have configured three interface :-

1) Trust Network- Behind eth1/1

2) Untrust Network-  configured on 1/6

3) Azure network:- Configured on 1/9 -

We are planning to configure BGP in VR . Our Objective is:-

1) BGP peering would be with ISP router conne

Correlated Event Log Fields Lacking

Is it me or is there no way to include the actual URL that was accessed by a network source in a "Correlation Log" event (v9.0.9 firmware) . From what I can tell on, other than a generic message like "Host visited known malware URL (X times)". It wou

How to pull Custom Reports using API

Hi all,

I have created some Custom Reports by GUI, query: action allow & addr src=<IP_address>.

Now I am trying to pull those Custom Reports via API, but I cannot find documentation for this.

Can anyone please let me know how to pull created Custom Repo

Panorama Confusion

I have a PA-3020 V8.1.7 and Panoram V8.18 VM (ESX)

I simply require Panorama to both manage the 3020 and collect it's logs.

I have tried to follow endless instructions on how to achieve this but now seem to be struggling with different Panorama modes

FAILOVER IP with PALOALTO

Bonjour,

Je suis nouveau sur ce forum veuillez m'excuser si je suis dans la mauvaise catégorie du Forum.

Nous possédons 2 routeur PALOALTO series 800 en HA ACTIF/PASSIF.

Vu que nos switch's ne sont pas compatible avec le NLB (Network Load Balancing de

Traffic and Threats not visible in Panorama Monitor despite logs are send from FW to Panorama

It's a while since our system of 3 HA Palo Alto Firewalls stopped showing logs in Panorama. 

The logs are generated and forwarded to Panorama as in next two pictures:

Panorama-receiving logsOne of FW sending logsTraffic and Threats not visible

On one

VM100 Base config CLI only

HI all,

Hope i can find someone amazing out there.

We have a VM100 that can only be configured from CLI as the provider that does not support any way to access a VM or webUI

I spent 4 hours on the phone with Palo Alto support and they could not help me

GlobalProtect agent download speed very slow

I am on a 3220 8.1.10 and agent version 5.0.5. Downloading the agent from the portal is very slow; usually less than 1M. Network, upload speeds, etc. checks out, so it appears to be just downloading the agent. Portal and gateway config is using loopb