Running 11.1.2 in production

Hi everyone

I read that 11.1.2 is now the preferred release for 34xx, and desiring to upgrade due to some of the new features, I find myself concerned about this known issue:

PAN-224763 - A TDB engine version mismatch issue affecting all firewalls,

NIPS

How do we identify NIPS logs among Paloalto Firewall logs ?

Firewalls communicating to public IPs on Management Interface

We are currently seeing the Management Plane of our Palo Alto Firewalls communicating to the following IP-Addresses:

• 34.96.84.34
• 107.178.249.217
• 35.238.108.32 

This communication occurs on different Platforms. We see more activity since PAN-OS 10, curr

AWS-Palo VPN Phase-2 Rekeying

HI Team

We have an issue with AWS Site to Site VPN, where we can see continuous rekeying of Phase-2 tunnels. It's a PA-3220 HA pair. It started happening recently as we can see previously the rekey did happen only after the Lifetime expired (Phase-

Can't use existing 'Object Group' in new Policies on 11.1.2

I'm converting from ASA to the PA 3410 running 11.1.2 code.
I am frustrated by the fact that every time I write a new policy/rule, I cannot use an already established 'Object Group' as the code forces me to make yet another new "Obj Group' even if it

Need to upgrade PA 440 Firewall

I need to upgrade PA 440 from the software version 10.1.6-h6 to version 10.2.8 can you please provide me the plan.

Palo Alto PA 5220 running on 10.1.10 H2 is not mounting /dev/sd9 partition

When we booted up the firewall we're getting an error that AutoCommit failed to complete. This was seen while mounting the raid partitions, specifically /dev/sd9. After referring the documentation existing on Palo Alto community, in the link https://

Show IPsec tunnle uptime duration

how we can check IPsec tunnel uptime duration on PA as like on ASA we can see using show vpn-sessiondb detail l2l.

Regards,

Sufiyan

Planning to set the API key lifetime rotation - Authentication settings

Hi Team,

I have configured the API key lifetime which is set to never expire. Based on the advisories I am planning to set the key lifetime rotation.

The question comes to my mind is, if I setup the key lifetime rotation will it impact the existing

IPsec tunnel PA-Forcepoint Up but no traffic passing through

Hi ,

I'm configuring an ipsec tunnel between PA-5410  (route based )and Forcepoint Firewall (policy based), and showing up but when i try to ping from LAN-to-LAN i could not recieve any trafic or logs . from system log,

 ""PSec key deleted. Deleted

SIP TRunk over PA6-440 not working

Hi

we have just migrated from Cisco ASA to palo alto 440 firewall

we have a SIP trunk between IP telephony server CUCM installed on our site and another installed on remote site

the communication is done over a tunnel ipsec VPN

from our site we can p