Almost all traffic identified as unknown-tcp?

We are seeing some of our Palo's periodically logging (almost) all traffic as unknown-tcp.

As the traffic is being allowed through (and logged against) rules that do not allow it we assume this is a problem with the logs, rather than traffic being mi

Blizzard New Game Overwatch PA not allowing voice traffic through, Even with custom service ports.

It seems that I can not seem to get the voice chat in Blizzards over watch to work through a PA. 

So as a test i put TCP ports 1119, 3724, 6113, 80, and udp 26503-36503 and 3724 forward through allowing any app, to the PC running the game.  Still didn

checking cpu utilization from last day

need to know if we caneck DP cpu utilization for certain time frame?

Application dependency behavior

Rule 1 blocks apps A & B

Rule 2 allows the same apps as they are included in an application filter, along with otyher apps.

Why do i see app dependency warning for the apps that are blocked by rule 1, & how can i resolve this.

Rule 1 allows apps A & B

Other Administrators are holding device wide commit locks

Hi Guys,

i have actually the problem that i cant do any commit, there are two pending commits and if i try to commit the following message appearing:

"Error Other Administrators are holding device wide commit locks". 

Even when im logged in as the ad

OSPF Issue in 8.1.1

Hello,

I am facing a flapping issue in OSPF, where the neighbor keeps going up and down, I tried adding a static route but the connectivity still drops packets between two devices behind the firewall on one side and behind the other mpls router on th

u-turn - why?

Hello,

i'm moving complex configuration from Juniper's ISG2000 (ScreenOS) to PA-5220 and i faced a problem with internal servers (in DMZ zone) which should be available for everyone (including our own employees) on public IP addresses.

On ScreenOS it

Decryption and Firefox

Greetings

From my research into useing decryptiona nd the SSl certificate.

I believe I need to manually install the certificate for each user?

Is there not a better way?

As a School that equals 100 users and about 300 PC's.

If there is not a better wa

TLS 1.3 support

When can we expect PANOS to support TLS 1.3 for SSL Decryption and WebUI management ?

Firefox will have TLS 1.3 on by default with Firefox 52.   Chrome 56 already have TLS 1.3, but Google paused the roll out at this point, due to other vendor proble

HA sync time

I have 400 rules and it takes my PA 5050 HA pair 4 minutes to sync, that seesm long to me anyone else know their sync times or what should be a reasonable time?

GlobalProtect Install issues

having a bit of a weird issue.  I believe it may be related to some of my security setting in GPO, but I can't tell what. 

When users download one of the 4.1 releases of the GlobalProtect clients, the install will go through the first screen or two,