Custom signature for unknown tcp

this is a capture from a tcp traffic.

i want to make a custom app id because in my log it say my application is an unknown-TCP application 

how can i get the signature from the digits (image) ?

can someone thell me or give me tips how i should make a cu

Debugs available in PAN-OS and their default states

Debugs, what they are for and their default states.

I started writing this to refresh a set of scripts. I found most of the debugs and states are not well documented yet. If you know otherwise, please post a comment. I will continue updating this tab

VM-100, ESXi, Module 'CPUID' power on failed

Trying to get a VM100 to power on with an ESXi host. 

This is a HP EliteDesk 800 G1 i5.  I'm getting the message that Intel VT-x is available but it might be disabled.  However, I know hyper threading is enabled in the HP Bios.

Tryig to run Palo 8.0.

GlobalProtect Cloud Service maintenance: Mar 6-8

Dear valued Palo Alto Networks customer,

Please be advised that we have a planned service maintenance for the Cloud Services- GlobalProtect Cloud Service infrastructure scheduled from 03/06/2018 4pm PST to 03/08/2018 4pm PST. 

We expect the service

3/5 Planned GlobalProtect Cloud Service maintenance notice

Dear valued Palo Alto Networks customer,

Please be advised that we have a planned service maintenance for the Cloud Services- GlobalProtect Cloud Service infrastructure scheduled from 03/05/2018 4pm PST to 03/05/2018 5pm PST. 

We expect the servi

Zones

Is it possible to use DG layering to solve DaaS Zone issue??

1. Can we create a DG-DaaS whose parent will be ‘DG-AWS_DQA’.
2. Assign Seattle DQT firewall to DG-AWS_DQA
3. Assign Ashburn n future Chicago to DG-DaaS (since it has DG-AWS_DQA as parent, it

Is it possible to use DG layering to solve DaaS Zone issue??

Is it possible to use DG layering to solve DaaS Zone issue??

1. Can we create a DG-DaaS whose parent will be ‘DG-AWS_DQA’.
2. Assign Seattle DQT firewall to DG-AWS_DQA
3. Assign Ashburn n future Chicago to DG-DaaS (since it has DG-AWS_DQA as parent, it

IPSec Tunnel from vsys1 to vsys2

Hello All,

I have a design issue to mull over, and one of the options is to look at having ipsec tunnels between vsys isntances on the same box.

So, I have vsys1 as my default vr, what I may need to do is turn up vsys2 and have certain traffic in vsy

Rule base documentation

PA Best practice says you should have your rules documented on the rules and some where other than your rule base. Anyone doing that? and if so how

Last shutdown/restart date

Is there anyway to find out when a device was last shutdown?

Thanks,

Monthly Graph Reports (Pie&Line Charts)

Hi,

we have to build monthly PDF reports with nice graphs like Pie&Line Charts  for the management. Unfortunately PDF summary reports are the only one which contain graphs (despite the ACC Widgets) and are generated only everyday. Is it possible to ge

User-ID Policy not being used

We have an agentless User-ID setup. Firewall is able to pull user accounts from the AD.

User-ID based policies were created on top of IP-Based policies.

However, some user traffic can be seen using the user-id based policies, some users can be seen us