Need to enable Multicast on Site to site IPsec Tunnel

I am working for a product based company, Our Company products will work on Multicasting. usually most of our clients are using Cisco and Juniper equipment . Recently we got a new client and where they want to deploy Palo alto firewalls on multiple

External Dynamic Lists not working

Hi all,

I have configured EDL of type Dynamic URL Lists with the next configuration

Then in URL filtering profile the ransomwaretracker_URL category is configured as BLOCK and the Profile is applied in the Security rule.

It seems configured correctl

Inbound Decryption Advice to overcome Decrypt error

I am asking for help to get SSL Inbound decryption working. I have read all the posts and tried everything I can think of but I keep getting the decrypt error status so I may have a basic misunderstanding. If someone has an insight into what I am doi

Minemeld PA syslog processing

Hi,

I installed Minemeld. I'm now trying to mine the PA traffic logs via syslog. It seems that the processing works but no indicators are extracted? The PA is running 7.1.13 and sending the syslog messages on TCP port 13514 to the Minemeld server.
I

Decent IPv6 miner

Hello all, We use MineMeld with our PA firewalls at work, so I thought I'd try it at home as well, and it was easy to integrate with my OpenBSD PF firewall. Lots of high-quality IPv4 address and subnets to block! However, I also run IPv6 at home and

Planned Cloud Services - GlobalProtect Cloud Service Maintenance Notice

Dear valued Palo Alto Networks customer,

Please be advised that we have a planned service maintenance for the Cloud Services- GlobalProtect Cloud Service infrastructure scheduled from 12/21/2017 6pm PST to 12/23/2017 6pm PST. 

We expect the service

PA 3050 Logged in user web filtering

Hi , ive got a 2 PA 3050's running well , however sometimes they seem to fail to detect the user thats currently logged in and then it follows the sert rules to allow then a "Student-level" web filtering rules whereby shopping , and social media etc

Upgrading 5050 to 5250 in Active/Passive Pair

How can I upgrade 5050 to 5250 hardware in Active/Passive pair.

in case we replace first the passive 5050 with 5250 and keep the same software code version. Does the passive 5250 will sync HA with 5050 active??

How PAN firewall deals with deceptive or invalid URL ?

Users in my  organization received spam email with embeded link URL like 

Fail over with SRV records

I know this isn't really a question for PaloAlto but I was hoping I might get some insight from the community.
We are looking at acquiring a second circuit from a different ISP for a backup failover, not load balancing. I have been studying SRV record

Problem w/ user ID

Hi Gurus,

I'm trying to implement user id agentless.

The LDAP & User Identification are created correctly.

Below is the output:

J-C.Valiere.da@PA_Ecore_Master> show user group list

cn=vpn ecore employee,ou=roles,ou=global,ou=organization,dc=corp,dc=ecor