About HULK

Thanks for your update. You may check authd (authentication daemon) logs from FW CLI during next occurrence. Thanks ... View more

Hello, You have only created an another VSYS on this PAN FW or configured the second VSYS with some interface and routing etc....? This Doc might help you to understand NAT and policy in multy VSYS environment:  How to Set Up Shared Gateway and Inter VSYS Thanks ... View more

Hello Darren, This DOC may help you to import Logs into PAN FW. CLI Commands to Export/Import Configuration and Log Files Else, PAN support engineer would be able to copy the logdb file into the proper directory. Thanks ... View more

Hello Darren, Which Platform it is...? In PAN-5000 platform with RAID enabled, can recover old logs from the HDD. Thanks ... View more

Support will be able to track the serial number by auth codes. Please open a ticket with PAN support. Thanks ... View more

Hello Zoumana, Contact with support and they will be able to do a back end transfer of the VM serial number if you move to a new  virtual machine or a new partition. You need to provide the VM serial number and the new CPUID / UUID. This information will appear on the Dashboard under General Information of the VM firewall.  Once the back-end task will be done, then you can follow below mentioned steps: 1. Login to the Support Portal 2. Go to My Devices 3. Search for the serial number. 4. Click PA-VM to download the license key to a laptop. 5. Manually upload the license key on the new VM. 6. Reboot the VM. 7. Retrieve the license keys – Device tab>Licenses > Retrieve license keys from server. Hope this helps. Thanks ... View more

Hello Velmurugan, If the device running PAN OS version 6.0.x, there is an option to disable to SIP ALG ( Application layer gateway), which effectively skip the layer 7 inspection. How to Disable SIP ALG Thanks ... View more

Hello Salahuddin, With the help of >test NAT policy ...........  command, you will be able to verify configured NAT policy on the PAN firewall. But, if you have an existing session on the PAN firewall and you want to identify, packet is executing by  which NAT policy, then apply CLI command  >show session all filter source <source IP> destination <destination IP>. This command will give you an ID. >show session ID XYZ  >>>>>>>>>>>> This command output will show in detail information i.e NAT-policy name, security policy name, PBF, Source interface, destination interface etc. For an example: admin@DADA> show session all filter source 192.168.2.29 destination 69.171.245.49 -------------------------------------------------------------------------------- ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port]) Vsys                                          Dst[Dport]/Zone (translated IP[Port]) -------------------------------------------------------------------------------- 1690         facebook-base  ACTIVE  FLOW  NS   192.168.2.29[49365]/Trust-LAN/6  (192.168.1.75[19914]) vsys1                                          69.171.245.49[443]/Untrust-ISP  (69.171.245.49[443]) admin@DADA> show session id 1690         c2s flow: -------------------------> Client to Server flow                 source:      192.168.2.29 [Trust-LAN] --------> SourceIP/ security Zone                 dst:         69.171.245.49 ---------------> Destination IP                 proto:       6                 sport:       49365           dport:      443 ----------------> Port                 state:       ACTIVE          type:       FLOW                 src user:    unknown                 dst user:    unknown         s2c flow: ------------------> Server to client flow.                 source:      69.171.245.49 [Untrust-ISP]                 dst:         192.168.1.75                 proto:       6                 sport:       443             dport:      19914                 state:       ACTIVE          type:       FLOW                 src user:    unknown                 dst user:    unknown         start time                    : Thu Jul  3 02:21:24 2014         timeout                       : 3600 sec         time to live                  : 3161 sec         total byte count(c2s)         : 9640         total byte count(s2c)         : 11932         layer7 packet count(c2s)      : 94         layer7 packet count(s2c)      : 93         vsys                          : vsys1         application                   : facebook-base         rule                          : LAN-ISP --------------------> Security rule         session to be logged at end   : True         session in session ager       : True         session synced from HA peer   : False         address/port translation      : source + destination         nat-rule                      : Source-NAT(vsys1)  ------------------> NAT rule name         layer7 processing             : completed         URL filtering enabled         : True         URL category                  : social-networking         session via syn-cookies       : False         session terminated on host    : False         session traverses tunnel      : False         captive portal session        : False         ingress interface             : ethernet1/2 ----------> Incoming interface         egress interface              : ethernet1/1 ----------> Outgoing interface         session QoS rule              : N/A (class 4)         tracker stage l7proc          : ctd decoder bypass Hope this helps. Thanks ... View more

Hello Aamir, Could you please let us know the PAN OS version running on this PAN firewall and is the  username contains non-alphanumeric characters such as "/"...? Thanks ... View more

Example from GUI: Thanks ... View more

Hello Michel, A packet capture would give you more insight about the SSL handshake. Thanks ... View more

Hello Michel, There are some applications that do not play nice when decryption is turned on, on the PA firewall. Here is a document with a list of the applications we've already identified that should be excluded from decryption: List of Applications Excluded from SSL Decryption Thanks ... View more

Lets try with these available contexts: This doc will give you some guideline too: Custom Application Signatures Thanks ... View more

Hello Dvu5103, You can create a custom signature for the same: For an example: ----Go to Object > Custom Objects > Vulnerability and click Add ( Set default action to "alert") ----Go to the Custom Vulnerability Signature > Signatures tab and click Add ----In the window that appears, create a custom signature with 'And condition'. ---In the Standard window, click 'Add Or Condition' and set 'Operator to Greater Than' ---Set an appropriate context. ----You can add this profile in a security profile. You can post a request to our development team ( Dev-Center), they will be able to help you for the same, else contact with your Palo Alto Networks SE, he will guide you. Thanks. ... View more

Hello Infotech, Please use CLI command: > show log system subtype equal vpn Sample output: 2014/02/04 10:29:42 info     vpn     ASA    ike-neg 0  IKE phase-1 negotiation is succeeded as initiator, main mode. Established SA: 10.66.24.40[500]-10.66.2 4.9[500] cookie:a34a2c0783841e70:43259ffd7e304ad6 lifetime 28800 Sec. Thanks ... View more