Resolved! ( description contains 'Deleting a possible stale phase-1 SA. cookie:d70d3ea988b0f5c9:c487910ab407e3

What can be reason for this message

( description contains 'Deleting a possible stale phase-1 SA. cookie:d70d3ea988b0f5c9:c487910ab407e332.' )

this causes Phas2 down then both Phase 1 and 2 down then Phase 1 comes back and phase 2 is still down?

Resolved! show vpn ike-sa gateway Corp

when i run above command it says

Show IKEv1 IKE SA: Total 6 gateways found. 1 ike sa found.

Show IKEv1 phase2 SA: Total 6 gateways found. 65 ike sa found.

What does above number tell us ?

Resolved! Every few mins in system logs eventid eq ike-nego-p2-succ

We have IPSEC tunnel to vendor every few mins in system logs i see

eventid eq ike-nego-p2-succ

and ( description contains 'IKE phase-2 negotiation is succeeded as initiator, quick mode. Established SA: 193.x.x.x.[500]-174.112.x.x[500] message id:0x8

Resolved! Tunnel went down while PA was responder

Seems PA was responder and tunnel went down today at 9.29.22  MST

below are logs

We were responder so we should know the reason for tunnel going down

72%2019-05-10 09:28:16.772 -0600 [PNTF]: { 14: }: notification message 36136:R-U-THERE, doi=1 proto_

Resolved! M500 Log Retention Time reduced from 1 year to 180 days and Free Space

We have M500 as dedicated Log collector mode.

Last week I changes the Log Retention from 365 to 180 days.

Still Free space is only 300GB.

Total space is 20 Tera Byte.

Will I get any more free space or not as oldest log is set to 180 days?

Resolved! Content / Database Versions Do Not Match

Every week I recieve these emails while the PAN firewalls do their weekly updates, is there a way to not recieve these e-mails, the time stamps are exactly the same from each device, as they are upgrading at the exact same time. Is there a setting in

Resolved! How to...(VPN globalprotect)

Hello guys,

I'm trying to do something and i'm not really sure if it's possible. Let's get into...

I have an url that is for example: "www.myweb.com". Our partner is hosting that web and with his firewall is just allowing us the access through our IP

Resolved! Palo Alto Bandwidth limiting bandwidth for certain subnets?

i have a PA-220 , can i limit bandwidth for certain subnets , for example limit a guest subnet for 10 mbps while let other subnet take 20 mbps? if so how do i do that?

Resolved! cfg export + master key hash

Dear Community,

I have found this side note in an article regarding the master key on the firewall.

"Without the Master Key, when a configuration is exported from a firewall, the password is hashed and can be copied."

Basically its the exact answer o

Resolved! Intel MDS Attack

Can anyone help to provide more information if below CVE are impacted in Palo Alto product line?

Intel Microarchitectural Data Sampling Vulnerabilities (Fallout, RIDL, Zombieload) (CVE-2018-12126 , CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)