PaloAlto Decrypt Mirror not traffic visible to VM but switch port mirror traffic is

I've setup VMware ESXi 6.5 and 6.5U1 with a few different intrusion detection systems and SIEM platforms and getting inconsistent behavior w/ the Palo Alto Decrypt Mirror port vs. other technologies such as a SPAN or "Mirror Port".

Many NIDS platforms

Connectivity to updates.paloaltonetworks.com issue

I can't use Management interface to connect to updates.paloaltonetworks.com.  I am trying to use trust or untrust interface byt no success. I followed some Palo Alto configuration example but still no success. I would apprreciate your help.

mac address learning of actual physical port on lacp

We have LACP  aggregate connection to the switch.

is there any way i can learn the mac address of the switch port itself on the PA ?

Right now PA only shows me mac address of chassis of the switch.

Panorama Can't export report pdf from template

Hi all, I found issue about panorama can't export pdf when use of the template is show " Error enqueuing export job", I attempted export more time and show job id and clear already but not work, how to fix it.

Thank you 

PA VM-Series on VM in Azure

Hello Community! 

I would like to know if we can use Palo Alto on our own VMs that we have deployed on Azure instead of deploying the firewall software through Marketplace (maybe get an image file or something that we can directly deploy on an Azure

Changing Untrusted interface IP (VPN gateway/portal)

We will soon be switching ISPs and will need to change the IP address of our "untrusted" external interface.  This is the same interface/IP address that is associated with the GlobalProtect gateway and portal.  Are there any special considerations wi

Cisco ACI, policy based redirect

This is often talked about from bot cisco and palo (when you use a pbr in aci to route some ports to the firewall)

Is there anyone here acctuly using it?

USER-ID littered with pc HOSTNAME@DOMAIN.COM

While looking through logs to see why occionally a user gets reported as user@domain.com instead of domain\user, we noticed the logs were filled with COMPUTERHOSTNAME@DOMAIN.COM as well.  Is this expected?

Change encryption of certificate

Hello there!

I have a question regarding the encryption of a certificate. Right now I am using a certificate issued by a Class 2 Certification Authority that is using SHA-1 encryption, but this is not satisfactory. How can I update the encryption type...

Multi-hop VPN

We have an interesting VPN request that's I have not seen yet.

User logs into Global Protect from home and RDP's to desktop on campus. The user then tries to open a Global Protect connection from that campus workstation to get access to another restr

custom app-id for unknown TCP application

good day,

i know that answer might be simple but cannot find correct approach.

I have an application which identified as unknown-TCP and i have created pattern for it with few conditions.

now I have discovered that some devices behave different way and