PA upgrade problems

Hi, we have a cluster with PANOS 7.0.6, we want to upgrade to 7.1.8. In a similiar upgrading path we were affected for a bug related to VPN, which was applying when you jump to 7.1.0 an then 7.1.8. So we would need to jump directly to 7.1.8.

On the a

Panorama API commit

Is the commit-all API command in Panorama equal to the commit to Panorama shown in GUI.

Qos question

Hi,

Let's say user wathing youtube , to limit the user's traffic ,
do we need to create qos profile for upload and download ?
Thanks

PA-200 FYI

I haven't seen this mentioned so I thought I would put it out there quick. Palo Alto has identified an issue with PA-200 units with the serial numbers ange 001606044723 to 001606075266 that have SSDs that do not meet their standards. If you have an e

Forward segments exceeding TCP content inspection queue

Hi,

On a new PA-3020 Firewallcluster I decided to disable the default setting "Forward segments exceeding TCP content inspection queue". Practically everything was working as it should. But onfortunately the devil is in the details. I had very few co

New URL filtering category/feature for new domains (less then 24hr)

Please vote if you see this useful.

This would enable a category that would scope domains deployed with a life-time less then 24hrs. 

Block new Domains created under 24 hour Block new Domains created under 24 hours old
FR ID: 7321

Adding a section title to a group of rules

Hello,

is there a way of adding a title/header to a group of rules in order to create some logical structure/grouping in the rule set?

In Checkpoint this is possible and we find that it helps keeping a big ruleset organised.

Thank you.

Whats wrong with my xpath??

Hi all, trying to delete a single object from a static address-group. Why does it keep deleting entire group?? My syntax below:

https://x.x.x.x/api/?type=config&action=delete&key=LUFRPT1BeWFJamVEYmdUV0JXZTdjNlFzOUMzdmhOaXM9RkdEb0lMT1g1WVNhMk9mL3&xpa

Using unlicensed VM100.

I have a VM-100 on VMWare ESXi running 7.0.4 . The demo license has expired for VM.

Would I be able to us it for testing still ( not using any url,threat features). I am see speed issue from trust to untrust

and traffic just trickles.

How can I get dual ISP with DUAL IPSEC Tunnel to work with static routes and no tunnel monitor?

HI,

How can I get dual ISP with DUAL IPSEC Tunnel to work with static routes and no tunnel monitor? I want the IPSEC tunnel to only failover when the primary circuit goes down. Problem I am having is the static route metrics is not taking over when t

FQDN jobs FAILED

Hi,

We have added several FQDN objects and its not working. If we run

update.symantec.com (Objectname update.symantec.com):

Not resolved

us.archive.ubuntu.com (Objectname us.archive.ubuntu.com):

Not used

xxxxxxx (Objectname HOST_xxxx13):

Not resolved

2017