Removing interfaces off a VM-series HA pair

As per title, functionally, this is easy to do.

1. Shut VM down.

2. Remove interfaces from virt solution configuration for the VM

3. Power up. 

4. All is well.

But, in a PAN VM-series HA pair... I'm worried that I might have to shut both down AT THE SAME

Import from xml of a 2 vsys system

I have an xml config export from a PoC system that had 2 vsys configured. Is there a way to peel out one of the vsys configurations from the xml and import vsys1 only?

url-filtering

Hi,

In url filtering adult-and-pornography blocked . But la-xxx.com can accesible
xxx.com not blocked

1)
test url la-xxx.com

la-xxx.com adult-and-pornography (Dynamic db)

2)
test url xxx.com

xxx.com adult-and-pornography (Base db)

other info
----------

show ur

Two L3 interfaces on One Zone

 Hi,

in the setup of the above diagram , I need to run OSPF on Paloalto between two Core-SWs, so I have to create two L3 interfaces  Point to Point with the two SWs.

the two core-SW is considered as inside for me , so from the prespective of routi

how to add my own bulk IOCs into Minemeld

Trying to find a way to do this with some of the miners but it seems that you can only add 1 indicator at a time.

Syslog Miner different confidence values.

Is there the way to separate traffic and threat logs from syslog miner to be directed to diferent outputs based on confidence. What i mean is something like that in rules:

conditions:
  - type == 'THREAT'
fields:
  - misc
  - url_idx
indicators:
  - src_tra

Troubleshooting ipsec tunnel setup.

I have setup ipsec between PA200 and cisco device. When trying to bring tunnel up not even able to establish phase1.

Getting following errors in logs. I have keyed in pre-shared key again on both the sides.

ikev2-nego-child-start:'IKEv2 child SA negot

Globalprotect - User-ID - missing domain prefix - group mapping not working

Hi

I have been trying to get User-id / Group mapping to work in one of our installations but without any luck

Tried both Radius and LDAP authentication.

I do see User-ID / IP mapping - but the domain prefix is missing.

"10.253.250.1 vsys1 GP sensagummi

GlobalProtect client upgrade "Prompt" file location?

We are using the GlobalProtect Agent Upgrade Process "prompt" method to upgrade our users GP client. We are having issues with our last version upgrade to GP 3.1.1 on all of our PAN firewalls, where some of our clients get this message - "The program

Can i configure duplicate IP's in seperate interaces in seperate VR on a single VSYS or seperate VSY

hi,

am i a able to configure same private address on seperate sub-interfaces on 2 different VR's.

VR can be part of same VYS or seperate VSYS.

We have purchased PA-7050.

PA drops traffic apparently without NO REASON

Hi All,

I have PA 2050 with panOS version --> 7.0.9

I have two rules:

Rule 4 --> Permit for svc-casse application as (ssl, ms-updated ecc)

Rule 5 --> Cleanup for svc-casse

That's the situation check :

RULESLOG

Really really strange behavior I never seen