Phase error

I have a PA 5050 and recently got this error while trying to commit

Latest PAN OS version

What is the latest recommended version?

VM-Series Next-Generation Firewall Bundle 2 in AWS Error

Has anyone had success launching the VM-Series Next-Generation Firewall Bundle 2 in AWS? I've tried through multiple routes (from the Marketplace, from CloudFormation, using AMI directly), to no avail. I've followed the directions exactly from the si

Question to app dependencies

Hi guys!

I'm new to Palo Alto.

Scneario:

I make a new rule from an inside zone to the internet with the app gmx-mail.

gmx-mail depends on web-browsing and ssl.

Do I have to add web-browsing and ssl to this rule to make gmx-mail work?

Or could I make anothe

Can't seem to connect to Cisco ASA

Using the following Phase 1 settings:

I keep getting this error:

Received unencrypted notify payload (no proposal chosen) from IP x.x.x.x[500] to y.y.y.y[500], ignored...orIKE phase-1 negotiation is failed. Unable to process peer’s SA payload.

Check th

Surveillance system

Has anyone here used a surveillance system?? I'm in need of a security system, but I don't have any idea on how to select the best one. I recently happened to read an article http://www.fire-monitoring.com/ip-cctv-moving-future/ and thought it will b

Skype for Business using App-ID?

Does anyone have a definitive list of which applications are required for 365 hosted Skype for Business to work please?

I'm using MineMeld to product a dynamic block list of the 365 Skype for Business IP ranges published by Microsoft and I've settled

Multiple WAN Interface Setup, different zones

Hi all

I'm struggling to configure a VM-200 with multiple WAN interfaces. I've read a few forum posts on the subject and I understand the suggestions (PBF, 1:1 vs 1:Many NAT, etc) but the situation I'm in is a little different.

We are running the VM-

Send OSPF default route with PBR

I have a network were what I would like to have happen is that the PAN device tracks its connection to the internet and as long as that is alive send a default route to its neighbor.  If that fails i would like it to stop sending that default route s

Redundant IPSEC VPN with cisco and VPN monitor

Hello Experts

I have PA on hub site and Cisco ASA at spoke site. At hub site, I have two ISP links, and ASA establish two IPSEC VPN with hub PA through both ISP, one IPSEC is primary and other is backup

Now to failover, I am thinking to use VPN monit

15-20 seconds of denied traffic when applications and threats are updated

According to our traffic logs a lot of traffic is denied during a period of 15-20 seconds every time we update applications and threats on our PA-5050. Is this normal? This is all kinds of traffic like mssql-db, web-browsing, ms-sms etc.

Rule too allow access to group of URLs?

PANOS 7.0.4 and I'm struggling to do something that feels basic 

I need to allow anything on the LAN access to

• *.sophos.com 
• *.sophosupd.com
• *.sophosupd.net
• *.sophosxl.net
• ocsp2.globalsign.com
• crl.globalsign.com

as per https://community.sophos.com/kb/en-u