Decryption changes v9.0.4

We upgraded the firewall to v9.0.4 from 8.1.11h2 this weekend and came in to our hosted exchange / outlook profiles failing to load. I added the mail host server in the do not decrypt policy and a percentage of the users reported services normal. It

Zone mapping in SDWAN

I find this document below hard to follow or understand. Can someone explain it to me in simpler terms? For example, suppose I have the following zones already: Trust, Untrust, VPN. What would this map to in SDWAN? What is zone-internal? Is that Trus

Wildfire statistics

Hi,

I have a question related to Wildfire: We need wildfire statistics during the year 2019, inspected files, files with malware, files with grayware and files with pishing. Is there any way to collect this info? from PA or wildfire web? I can not fi

Data Lake status SNMP monitoring

Hi everybody,

we are quite often have a problem with logging to Data Lake.

Mostly Data Lake certificate expires and is not being renew automatically, so logs are not being forwarded to Data Lake and XDR doesn't have info. 

Is there a way, how to moni

IKE gateway is not allowed

Hi all, 
I've just installed a PA 3220 and there're dynamics VPNs tunnel. IKEs are up. However,  phase 2 (tunnel) aren't coming up. 

Looking at the logs I see the following logs for all VPNs .
"initiate negotiation to dynamic peer from IKE gateway is n

Policy Based Forwarding PBF based on destination country or self defined region?

Can this be accomplished without something like a Performance Routing service or hybrid WAN systems a couple companies offer? Is it a roadmap feature of PAN-OS PBF? PBF seems to be one of few things that do NOT support Regions.

I'd like to PBF my con

Monitor > Logs > Traffic - App-ID 'ping' not logging from endpoints.

Good day everyone and thank you in advance. 

Just to be sure I'm not losing my mind entirely - I thought I'd post up here and see if any veterans have any ideas.  I was troubleshooting something earlier today with a re-IP on some printers traversing

MineMeld engine showing failed to start?

Hey guys, just attempted to setup minemeld . when we login to minemeld, i noticed that it is showing that minemeld engine has failed to started. attempted to restart engine but it does not seems to have any difference in results. we did harden the se

Protection for Citrix vulnerability CVE-2019-19781

Hi,

Is there any official word when PA will get protection for CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller and Citrix Gateway?

https://support.citrix.com/article/CTX267027

Thanks.

Unblocking websites that are from a region that we block

So after a ransomware attack back in september, we started blocking traffic from certain regions.  However I have users that are trying to access legitamate sites from those regions.  Is it possible to block the regions, but allow sites from said reg

"OSPF-neighbor-down"- software bug??

I'm currently running 8.1.10 on PA-820 firewalls. They are in A/P failover pair. Last night, all of a sudden primary firewall started showing "( eventid eq routed-OSPF-neighbor-down )" in system logs and OSPF went down. I failed over to secondary and