Stuck out of management

Hello guys,

I have made a stupid mistake on a PA-820. I have changed the Permitted IP in the Interface Management Settings to a single IP (the Panorama server) and now I cannot access the device anymore.

Any ideas? I cannot access even in SSH. The Pa

Panorama Read Only mode?

Hi all,

I cannot modify my Panorama templates (Network, Device), even though I logged in with the admin account. As I attached the screenshots, it says (Read Only) mode and grayed out the check boxes, so I am unable to modify the Interface Management

Multiple DHCP Scope’s on 1 interface

I have a router with 2 VLAN’s. The router is connected to a PaloAlto and behind this PaloAlto I have a server witch serves DHCP. The VLAN interfaces on the router are configured with a helper address to the DHCP server.

We would like to remove all se

App-id not working on some Apps

I am seeing a number of applications which have definitions, but are not being identified correctly:  kaokatalk, league of legends, battle.net and guild wars to name a few.  these are showing the correct ports but showing as "unkown-tcp".  Is there s

Traps - Permit .exe file with specific certificate

Hi,

We would like to add a specific certificate ("Exacq Technologies, Inc") to the TRAPS database so that it recognizes all the ".exe" with this certificate as correct and it is not necessary to upload them to Wildfire, since due to the size limitati

Removing peer from HA cluster

I have a pair of PA-3020s running 7.1.x in HA configuration. I need to remove the passive switch from the rack to be used in another location. What is the best way to disable the HA and delete the config from the active switch without risk of service

Interface in vsys

Hello

this may sound like a stupid question but i could not somehow find a definitive answer to this in the PAN OS Guide:

We have to configure a 3050 iun multi-vsys configuration. We would be needing 2 interfaces per vsys and we wil be having 2 vsys

Unstable ipsec detection for ipsec-esp-udp application when connecting Globalprotect VPN

We have a setup with a primary PA firewall 1 that pass through Globalprotect VPN traffic to a second PA firewall 2. We've seen sporadic connection problems when connecting a Globalprotect client. Sometimes it can spend up to 2 minutes to establish th

GlobalProtect install restrictions

Hi all

I was wondering if there was a way to restrict who can install the GlobalProtect client ?

As an example, at the moment if any user launches the gateway page can download and install the client on their own computer albeit they need an active ac

SSL decryption error

I had configured SSL decryption on PaloAlto VM-50 before 6-7 months ago. There was working normally till today. Today some users get below error when they want to enter site. There is shown “decrypt-cert-validation” message on PaloAlto traffic logs.