General Topics

Resolved! Why PA is Responder for Phase 1 and Initiator for Phase 2

Seems Phase 2 is down and system log shows below logs again and again

and ( description contains 'IKE phase-2 negotiation is failed as initiator, quick mode. Failed SA: 198.160.x.x[500]-173.182.x.x[500] message id:0xF55F380F. Due to negotiation time

Resolved! Custom URL Category

I have a test url category with only one url. i have applied this url category to a test policy, not using a profile but directly in the policy under "service/url category".

when i browse to the site it uses the correct policy to allow the request...

Resolved! The DPD is "not persistent" and is only triggered by a Phase 2 rekey

I was reading this KB article about DPD

does this mean that say when phase 1 is down or its lifetime expires will DPD will come into play?

or 

when when phase 1 is red and phase 2 about to expire rekey will happen for phase 2 then DPD will come int

Resolved! Phase 1 ike logs cookie:ff4e9af69a787ea4:0000000000000000

does 0000000000000000  mean that PA is not able to communicate with partner?

Resolved! New minemeld deploy unable to login to GUI

Used OVA to deploy it on ESXi.  Default admin/minemeld did not work after deployment and NO changes.  Gives the message "ERROR CHECKING CREDENTIALS: Bad Gateway"

Logged in via CLI and ran the following:

Resolved! How to install & upgrade Firewall new on client side

We had ordered the firewall and it's been delivered to client Now we want to configure and upgrade without distrubtring the current network what is the best way to do this or we had to bring it our side to configure and send back?

Any document or cli

Resolved! How long does PA stays as Responder in IPSEC connection

We have IPSEC from PA to vendor.

On GUI I see PA is responder

Does this mean that PA will remain as Responder until tunnel goes down   ?

If rekey happens for phase 1 and 2 will still PA remain as Responder?