Importing PA200 configuration to PA220.

We are planning to phase out PA200 firewall with PA220 .

PA200 firewall is running PAN OS 7.1.14.

PA 220 firewall comes preloaded with PAN OS version 8.0.X.

My concerns is, Can we directly import the firewall configuration  (device state) from PA200 to

Minemeld infrastructure components decoupling

Hi all,

I was wondering whether there is an easy way to decouple infrastructure components (i.e. redis, rabbitmq, nginx) on remote servers? 

A quick overview of the engine code shows that some parts look for environment variable 'REDIS_URL'. Howe

URL alerting without SSL decryption

Hello all! I've got a question on URL category alerting. I can set up alerting for malware and phishing categories, for example. I get the alerts if the site is HTTP only. I don't seem to get them if it is HTTPS.

My question is this... Shouldn't the

Active/Active HA tentative state question

Let's say we have 2 firewalls in A/A HA

each firewall has 2 vWire (single interfaces, no aggregration)

eth1/eth2 = vWire 1 and eth3/eth4=vWire2

link monitoring is set such that if any of eth1/eth2 interfaces are down or any of eth3/eth4 are down the fir

Reassign firewall from local log collector to dedicated log collector

Hi All

I have M100 with local log collector. Firwalls are sending logs to M100. Now I want to add dedicated log collector. So I need to reassign firewall to new dedicated log collector. 

Once I do that, will I be able to see the old logs on M100?

If n

Monitoring Individual Dataplane CPU's

We are currently experiencing issues in our network environment with dp0 (specifically) being overutilized on the Palo Alto 5050 and 5060's, mainly due to the fact that IPSEC traffic is not offloaded from dp0 to dp1 and/or dp2.

We can actively monito

Planned Service Maintenance for the Cloud Services- GlobalProtect Cloud Service infrastructure

Dear valued Palo Alto Networks customer,

Please be advised that we have a planned service maintenance for the Cloud Services- GlobalProtect Cloud Service infrastructure scheduled from 05/21/2018 8am PST to 05/23/2018 8am PST. 

We expect the service

Wired and Wi-Fi network hopping and DHCP Server default gateway route metric increases

At my remote offices, I have users that want to leave WiFi and wired on at the same time.

I have redundant PA-220's that serve as my local router and DHCP server for both wired and Wi-Fi.

The wired and wireless connections are in different networks (

Error exporting certificate: Failed to prepare certificate 'NAME_OF_CERTIFICATE' for export

Hi,

I generated the certificates on the firewall for Global protect portal and trying to export the file no matter what format, I am getting the error message saying  failedto prepare certificate. I am using windown 10 but another user accessing the

Panorama log settings wildfire is invalid error on commit failure

Hi

We are using panorama 7.1.11 to commit to a pa-2050 on 6.0.1.

The commit keeps failing both form panorama and firewall.

This is the error in the commit window and I see not such options for a setting like log fwding - profiles!

Appreciate any help

taxii._decode_object_properties ERROR - Unknown IP version

Hi all,

during the IoC import from Taxii Feed (FS-ISAC) to Minemeld through a Miner Taxii client (minemeld.ft.taxii.TaxiiClient) i've found some issue in minemeld-engine.log:

2018-05-12T15:45:05 (50697)taxii._decode_object_properties ERROR: node-Prova