General Topics

PA-3020 OS 9.0 either support GRE Tunneling Support

We are planning to upgrade PA-3020 devices to PAN-OS 9, please advise either PA-3020 devices can be upgraded to OS 9

PAN-OS 9.x is to use new features introduced in new OS like GRE tunneling, would you please confirm either our device PA-3020 support

why "set ssh service-restart mgmt" reboots PA-220 with 8.1.13?

Hi,

My PA-220's needed some SSH changes. After these were committed locally, I ran the 
"set ssh service-restart mgmt" command, as the manual says, in run mode.

The firewall pings for about 30 seconds, then reboots. I'm using 8.1.13.

Why does it reboot

Application Square

Is anyone managing the application 'Square'?

I am trying to get a better understanding how to identify the application being used for a transaction vs a website visit.

A website visit to https://squareup.com/ triggers the application the same as a tr

Require assistance to install AWS on minemeld

Hello all,

I cannot install aws.AMAZON miner when I add it with the default config all minemelds is not responding and the minemeld's service is looping

curl -k 'https://ip-ranges.amazonaws.com/ip-ranges.json' works

the default config.

the miner.

Pro

how to delete panorama config logs

we have set retention period for 1 day , but still config logs are showing of last 5 days in Panorama. As per tac this is the bug as they are currently analyzing the file.

Also tried to delete all config logs of Panorama through cli but no luck. 

Below

Object add in bunch of policies.

Hi All,

An object (IP address: 192.168.1.2 as an example) configured in the PA firewall and assigned it to 50+ security policies as a source/destination address.

Now, I want another object (IP address: 192.168.1.5) assign into the same 50+ security p

How to allow a specific file extension

I work for a K-12 school district that uses a program that reads books to students.  The file extension is .kes (KES is a file extension that belongs to Text Files of Kurzweil Educational Systems) and is blocked in our file blocking profile as an Enc

PA config replication through Panorama

Hi All,

I am looking for a method to replicate the configuration of one of our virtual firewalls to a physical firewall through Panorama device-groups and templates.

Let me explain the setup:

We have a core firewall with multiple vsys enabled, and one

Feature requests - command line or API consistency with GUI actions please

In particular we discovered that methods of creating configuration backups are not consistent across the various management interfaces.  It appears as if the most restore-able version of the backup has to be done from the GUI.

The 'export'/'scp'/'tft

Vwire interfaces are flap

We have a Paloalto connected in vwire mode Cisco ASR1 is  connected on PA eth1/21 (Primary) and Cisco ASA (Primary)is connected on PA eth1/22. Same as Cisco ASR2(secondary) is connected on ethernet1/23 and Cisco ASA(secondary) is connected via Ethern

Overlapping Proxy ID"s

I have a IPSEC site to site VPN with a Check Point firewall.  In the Palo Alto I have networks / proxy ID's that overlap each other?  Can this cause issues?

For example I have:

Local                                                   Remote

192.168.50.

Broken SSL Inbound Inspection After July Windows Updates Enables TLS 1.3

I have been using SSL Inbound Decryption for over a year with options

1) Block sessions with unsupported versions

2) Block sessions with unsupported cipher suites

After applying Windows 10 updates to a reverse proxy server, it appears that connection t