Log Parsing

Hi team,

i am sending the firewall logs to a kibana for log analytic purpose and i ran into a minor issue i can not find a good working grok parsing for the logs that will actually work.

any chances any one here done that and can help me with it ?

Be

TAP in environments with asynchronous routing

We have a situation where we can't get all the mirrored traffic to the same interface. But as it's asynchronour souting nevironment a packet can be mirrored to one interface and the reply to the other. So we need to connect 2 PA TAP interfaces to cap

Reverse Proxy and X-forwarded-for

We use a load balancer to terminate SSL connections coming into our publicly accessible web servers from the Internet.  The same load balancers are used as a reverse proxy.  Because this produces a blind-spot for us, we have configured the load balan

Deleted rule still matching traffic

Hi team,

We have experiencing something strange behaviour on one of our Palo Alto. 

Palo Alto is managed via Panorama, our costumer add a security rule directly to device (not using Panorama). We delete the rule on the device, so doesn't appears anym

Dynamic updates failing since the 18th....

Some of our PA's are failing to get updates with a "generic communication failure"

They go out the same rule on one PA.

The DR site seems to be ok.

DNS and trace route seem fine...

Rob

Custom Miner commit error : Unknown Node Class : minemeld.ft.azure.AzureChinaJSON in Azure-China-Min

Hello,

I am trying to create a custom miner for Azure China feed. I have successfully tested it in one of the servers, but it doesn't let me commit when I create a Miner.

Already applied the solution from https://live.paloaltonetworks.com/t5/MineMeld-

Creating more than 250 scheduled policy

As Paloalto 3200 series has limitation of 250 scheduled policy How we can over come this limitation ?

Global Protect 8.1 - Building Clientless VPN but stuck on DNS-Proxy Setup

I am starting to build a clientless vpn setup, but I am getting errors when building a DNS Proxy and DNS Server Profile. 

I get this error msg. I tried ethernet, tunnels and loopback interfaces and they all failed. I tried following the instructions b

UDP Sessions Discarded (DUO timeouts)

Anyone experience any issues with 2FA timing out occasionally. For example, we have a weird situation where the 2FA integrated with DUO is working fine but after a week or two suddenly all users stop getting the push notification. Looking at the PAN

SSL Decryption: SHA1-Intermediate certificate gets decrypted, even if not allowed to

Hi paloalto community,

I tested my new ssl decryption rules against the badssl dashboard ( https://badssl.com/dashboard/ ).

So far it looks good. Unfortunately the check for sha1-intermediate doesn’t pass. Our PA-850 (Firmware 9.0.5) does create a sec

what do we exactly mean by threat prevention throughput of firewall ?

Hi Experts,

I am always in doubt when someone asks how much PA 220 can support as far as throughput is concerned.

In datasheet there are 2 throughput , firewall throughput ( 560 Mbps) and threat prevention throughput ( 260mbps).

Customer has line of 2 a

Is it possible to integrate google authenticator with PaloAlto for device admin authentication (two factor)?

Hi All,

Is it possible to integrate google authenticator with PaloAlto for device admin authentication (two factor)?

If possible, how to accomplish the same. Share if any document is available.

Thank you,

Guru

Palo Alto Support Going down hill

Is it just me or is Palo Alto Phone support going down hill. It use to be when you called within 15 min you had a tech but over the last 2 years its getting worst to get a human on the phone and opening a ticket online is no better. I opened a ticket