Service Routes Don't Work W/O MGMT Connected

I have hundreds of PA 220's on 8.1.0 that are unable to download updates.  The services routes are all configured to use a loopback and its IP which routes fine, and can ping whatever is necessary, the management interface is disconnected at all thes

SSL Decryption inbound and OCSP stapling

Hi

Seems like inbound SSL Decrypt doesn't handle OCSP stapling  ..... Not sure why PA have missed out on this.

Raised it with my SE... not happy with my SE not feeling the love.

Any one else been caught by this

EDIT - adding stapling, must stay away

SSL inbound inspection wildcard certificate

Trying to configure ssl inbound inspection for one of my web sites hosted internally. The IIS server has many sites being served thru host headers. All of the SSL bound sites use the same wildcard certificate *.external-domain-name on this server. I

Add local IP list to minemeld

Is there a way to add local IP's in a notepad to be added to minmeld for blocking.

Panorama - HA Group 10: Anti-Virus version does not match

Hi Experts,

 From  Panorama, we're managing around 20+firewalls. In Panorama system logs, we're seeing " HA Group 10: Anti-Virus version does not match error messages".

Though the errors are self expalantory , how do we confirm out of 20 firewalls whi

How to report false positive if I'm not a customer

Hello there, 

I represent Kromtech company(https://kromtech.com) which produces MacKeeper app (https://mackeeper.com). 

We have report from our partners that your WildFire service marks our products as Malware.

We would like to report false positive but

Can I copy 8.0.4 config from 3020 to 8.1.x on 3220 without any changes to XML?

Hi,

Can I copy 8.0.4 config from 3020 to 8.1.x on 3220 without any changes to XML? Interfaces will be the same.

Thanks

User-ID/Facebook allow group

Hello, 

I am having trouble with this configuration. 

In a Windows domain environment. 

I installed User-ID on server and confirmed User-ID is running and IP/user mapping is all listed in the monitoring log. 

User-ID agent is connected in the firewal

MineMeld Splunk App

Hi Guys,

I'm new to this community. At the moment, we are actively exploring MineMeld in our environment and would like to know if there is any connectors available for Splunk to consume intel collected by MineMeld .

Please advise.

Thank you.

Is my upgrade the cause of a vlan not working

After I upgraded my palo alto fro 7.1.15 to 7.1.16 I had a report that a certain vlan can not longer access the internet.  I have a back up of the config before the upgrade and one after the upgrade and so far I don't see any change in virtual router

Arp getting time out after 30 min on sub interface

We are facing some starnge issue .

We are having an ISP which is connected to sub interface.

We are trying to repalce it with new one. Same Subnet /29 but different IP. NAT rules also same because same subnet.

The issue we are facing is when new ISP con

Static Routes

We have a Cisco ASA that has tunnels to our branch offices.  An Example is 192.168.9.0/24.  The local network is 192.168.10.0/24.  The lan port of the ASA is 192.168.10.10.  The lan port of the Palo Alto is 192.168.10.1.  When I change the gateway to