General Topics

PA-3020 SSL Decryption Query

Hi, I have enabled SSL decryption (forward proxy) on our PA-3020 firewall. The certificate is generated from our CSR and is installed on our PA-3020. I have set up a separate forward trust and forward untrust certificate. The forward trust certificat

PA Configuration File Format Conversion

My organization creates PA firewall configurations in "set" format as they are easier to read and peer review.  It is very cumbersome to then put this style of configuration into the firewall itself. Is there a program/utility that can convert this t

How to get Applications using XML API

I am trying to get a list of applications, or a single application using the XML API. I have tried the following:

api/?type=config&action=get&xpath=/config/shared/application

api/?type=config&action=get&xpath=/config/shared/application/entry[@name='ic

Global Protect 5.0.2 - working deployments/configurations, open issues and everything else

Hi community

Today Global Protect Version 5.0.2 was released. The way to this version was a long one. I had 10 open cases with different issues that I reported for Version 5.0.0 and 5.0.1. Most of them are fixed in 5.0.2 so this version - from what I

can credential phishing detection detect username@domain.com type creds?

can credential phishing detection detect username@company.com format?

Limit in number of character in email subject of wildfire logs

Hi Community,

I have recently noticed that the email subject field in wildfire submission log is shortened, ie, I am not able to see the full subject name. Is there any specific limit for number of characters in that field ?.

Thanks in advance.

Management CPU high in 8.1.7 (just upgraded), bug?

Hi,

We just upgraded from 8.0.11 to 8.1.7. And in this new version 8.1.7 the CPU MGMT is high (90-100%). I attach the top output:

what is "pan_task"? its consuming lot of CPU. Any bug related to this in 8.1.7?

show system resources

top - 16:11:02 up 2

How can use loopback for virtual Ip

Hi expert ,

I would like to know about that if that possible or not about use loopback interface on palo alto such  as Virtual IP same like VRRP in a scenario don't to downtime  use VIP 

Thank you  

IPSEC VPN tunnel monotor showing down

We have configured Tunnel Monitor for IPSEC VPN to monitor IP Peer side server.

My query is I dont see ping packet intiated by tunnel interface towards destination IP on firewall logs.

Though in show vpn tunnel-flow id I can see monitor packets sent

Panorama NAT Translation

I have two datacenters in a region to where multiple offices backhaul to the primary datacenter or may fail over to the secondary datacenter. Both firewall pairs are managed by Panorama. Each datacenter has its on unique external IP range. We break o