HIP Profile serial number filter issue

I have upgrade my firewall from 9.0.9 h1 to 9.1.4 when i generate the report for the HIP profile or use the filter base on serial number iam facing this issue please suggest i there any bug in 9.1.4 

Even clicking on serial number in HIP Match logs to

Can someone exsplaine to me like I'm 5 what App-IDs are?

So I need to update my PanOS on my PA-3020, but because I have a mission-critical network I need to avoid downtime as much as possible.  In the walk-through for the PanOS upgrade, it says 'any change a content releases introduces that affects App-ID

EDL IP List GUI not display

Currently setting EDL
EDL IP information can be captured on CLI
But it cannot be confirmed in the GUI

Tried PANOS  version 8.1.5 and 9.0.0 

Try some edl can
Some can not be displayed

not display
https://report.cs.rutgers.edu/DROP/attackers

can
http://rules.

Incomplete sessions for NATTING/Access to different site DMZ

Hi All,

I am having a complex and tricky setup that require NATTING and host web server in different network/site DMZ, I know it is not best practice but hope you can help:

Here is topology:

Site A zones: Trust, Untrust and DMZ with their own public IP

Palo Alto aws Deployment

Hello guys

I'm honestly a noob. I just set up a palo alto vm series bundle 2 on my aws with 3 interfacer.

eth 0/0 for management

eth 1/1 for the public subnet

eth 1/2 for the private subnet

I've been trying to set up a wordpress server on the private sub

ikev2 with cisco Router using certificate problem

after I finished the ikev2 configuration(using Distinguished Name (Subject) from PAN and Cisco Router using identity local dn ), I got this isse:

received ID_I (type dn [CN=externalrouter.robinlab.org,unstructuredName=externalrouter.robinlab.org]) d

SSL inbound inspection

Hi Team,

I am facing the issue in SSL decryption intermittently. For the transaction website.

traffic flow for the SSL inspection is:-

Outside user ------> Paloalto--------->Load balancer-------->Application server.

In the destination NAT translation,

PA Migration from 5050 to 5220 with below requirement-Suggesstions Request

Hi Team,

I have to Migrate PA from 5050 to 5220 for data center firewall.

We are using ASA for Internet.In PA data center firewall we have 2 vsys 1 for internal  another for DMZ.

Now the planis DC firewall we are migrating to 5220 afterthat ASA replaced

Does updating definitions/antivirus cause any downtime?

I have a new PA-3020 that is inline on my network, meaning if it goes down then so does my network.  
Because this PA-3020 is inline I was worried about updating the definitions (only two weeks old right now), and I was not sure if during a definition

PA Firewalls HA Active-Active Routed design with BGP

Hello Everyone,
I'm designing an edge network with Active/Active HA. After reading the PA documentation, I found Active/Active Routed based redundancy design which seems best suited for our environment. However the topology shown in Docs is a square m

DNS Query

Can we configure firewall will allow only one response for one dns request packet. Please suggest