NAT Only works part of the time

Ok, Who knows what's going here...Here is my Scenario..

We're looking at a new Phone Platform and I'm only able to get a NAT to work part of the time.  First, when the IP Phone loads, internal address of 172.23.1.1, It connects out to the Platform IP

SSH connection drops randomly

An SSH connection to a particular server drops randomly (usually 20-60 seconds after login). Between the client and the server is a Palo Alto firewall with SSH decryption disabled.

What I tried so far

 - regenerated ssh keys on the server
 - added to se

PA-5220 Decryption Performance Degradation

We have a cluster of PA-5220 firewalls with SSL decryption activated. When initiating a communication across the firewall using a decrypted protocol (scp, HTTPs, etc.) we get 5x slower connections compared to the unencrypted versions of the procotol.

remote vpn on iphone and android config?

i successfully configured remote vpn client for windows to function but the customer is asking for vpn using mobile phones? would it work with the exist configuration? or does it need other kind of configuration? does the mobile phone pull the client

SSL Expired Cert and SSL decryption

We have vendor site which we access.

Recently their SSL cert expired and when I try to access that website chrome shows cert is invalid and still in brower it shows

it is decrypting the website and i can see the PA cert there.

Traffic log shows isessi

Dynamic External Lists for Hostnames

Trying to figure out the best way to accomplish a task. 

1. We have a "Suspicious" rule on our firewall that should be where we place hostnames for users that are observed to have questionable traffic.
2. This will be a dynamic list that will be updated by a

Lost communications via HTTPS

Hello all,

I had a problem with a PA-220, version 8.0.9.
Suddenly I lost HTTPS service for the management interface, It was still working but I only had access via SSH.
When I entered #show deviceconfig system service I couldn't see the services HTTPS &...

Verify Global Protect Clients Connecting using TLS v1,2

Is there a way via the CLI or by viewing a log in the gui that I can verify that my Global Protect VPN clients are connecting using TLS V1.2

disable automic start globalportect and create a shortcut

Hello,

My customer need a "GlobalProtect msi" to ditribute by GPO that complies with the following.

- Customize Portal URL. That is Ok, we edit the with orca software https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkwCAC.
-

Why is "set address BLAH tag BLAH not working?!

admin@PA-5250-LOANER# show address TULLY
set address TULLY ip-netmask 192.168.15.245
set address TULLY tag Safenet_Listener_Service
[edit]
admin@PA-5250-LOANER# set address POPLICOLA tag Portal_Services

Server error : tag 'Portal_Services' is not a valid