About HULK

Hello Gregoux, You could perform the steps as Hari informed before, else If you want to keep the local config and start it from scratch,  then you can segregate Panorama pushed config through CLI commands and remove them for the time being.: admin@DADA> show config > pushed-shared-policy   Shared policy pushed to the device > pushed-template        Template pushed to the device Thanks ... View more

As per my understanding, once you will select Peer type: dynamic, the firewall will prepare a negotiation in Aggressive mode. As you said before, the UTM-1 Edge does not support Aggressive mode, it could be a problem here. Could you please check "ikemgr.log" for detail information. Thanks ... View more

Hello Cjsteele, This DOc is also applicable for PAN OS 6.0.x. IPv6 Feature Support Matrix Thanks ... View more

Hello, It should not block, if you have configured the security policy with application " YouTube". Could you please let us know from Monitor >> Traffic logs : While the traffic is hitting the second rule, what application it is showing..? Is the first security policy is pretty open, i.e Source=any, destination =any, Application= acebook, linkedin, twitter and youtube and Service= Any, Action permit...? Thanks ... View more

Hello Jprices, I'd like to suggest to check with BrightCloud about the issue and need to verify if an outage at BrightCloud today had. Could you please run below mentioned command while trying to download BrightCloud database. > tail follow yes mp-log pan_bc_download.log Also try to verify the reachability to the BrightCLoud server from PAN firewall. ... View more

Hello Netsul, Could you please follow the doc Configuring route based IPSec with overlapping networks for the same. Specially the NAT part of the PAN firewall. Thanks ... View more

Hello Klaus, Could you please check system logs, HA-agent. log, ms.log for detail information for this incident. Thanks ... View more

Hello, You can select as "IP address" and put the local and remote interface IP address. This is just to verify the identity, hence you can put any IP address. Only keep in mind, the Local address here will the remote address for peer and vice versa. Thanks ... View more

We need to verify the ACC report/packer rate/packet buffer utilization during that before make a conclusion. In 6.0, there are many new feature has been implemented ( compare to previous platform release 5.0.x). Thanks ... View more

Hello ericgearhart, Could you please verify all processed all jobs during that time ( show job processed) and also make sure if dynamic-updates were scheduled during that time. Verify dp-monitor logs as per below mentioned discussion CPU stats As you have the time frame, when the CPU was spiking, you can actually use the ACC to see why it's doing so as what kind of traffic is causing CPU to spike up. Helpful commands for DP CPU troubleshooting: CLI> show running resource-monitor CLI> show session info CLI> show session meter CLI> Debug data-plane pool statistics CLI>> show counter global filter delta yes  >>>>>>>> Run this command 10 times with a 5 sec interval. Hope this helps. Thanks ... View more

Hello, The common method that i normally use, is the CLI command > show system state filter sys.s1.p*.detail How to check for CRC errors on an interface? For CRC error, you can verify the PAN OS Brdagent.log. Brdagent is the process that configures internal packet path components, interfaces, etc. It also monitors the links for problems. Thanks ... View more

Hello Amy, Could you please go through the below mentioned documents and try to find an another match which contains at least 7 Byte strings. Custom Application Signatures Thanks ... View more

FYI. PAN OS 6.0.1 - Addressed Issues 60816- Following an upgrade to PAN-OS 6.0.0, syslog connection status warnings for all defined syslog connections appeared in the system log every hour and were categorized as critical. This was caused by a scheduled hourly rotation of the syslog-ng log file, during which the syslog-ng daemon would restart. This issue has been fixed by adding a condition to the log file rotation process requiring the log file to be 10 MB or more and the connection status warning will only be seen once every few months. 60011-When a User ID Agent Setup template was pushed from Panorama to a managed device, the application content updates were not available for viewing or cloning in the syslog filters list in the web interface (Device > User Identification > User Mapping > User ID Agent Setup > Syslog Filters). Thanks ... View more