About ssharma

Hi Sarah, I would suggest putting the device in Vwire mode 1st. This will just be bump-in-the-wire deployment, where no L3 needs to be changed. In this scenario, you can utilize threat prevention, url filtering, user id capability, captive portal. This should not include any downtime. Once this is done and you have all visibility to your network and traffic, you can start building configuration on the device to mimic that of ASA or tmg. You can configure IPSec, routing, L3 (You are just configuring the device at this point, where as traffic is flowing normal). Once you verify, everything is configured the way you wanted, you can migrate from other device to PA (this will involve certain downtime but will be minimal). Hope this helps. Thank you. ... View more

Hi Greg, Do you still have the issue with PA 200 or is it resolved? Thank you. ... View more

Hi DYoung, Can you confirm if you are using AMD processor on you VM machine, if that is the case, we have a known issue that we have identified and the fix is scheduled to be in upcoming release. If you are not using AMD and are still seeing multiple crash I would suggest you to open a case with PA support to further analyze. Hope this helps. Thank you. ... View more

Hi Jeff, We are glad to assist you. Thank you. ... View more

Hi Itsbi, Output of Merlin is not a good sign. It is most probably drive issue. You can try factory reset or open a case with PA support to identify root case. Thank you. ... View more

We have an update for the treat with content update 457. Make sure you are running latest one (Device -> Dynamic Updates). Threat ID 36729 and default action is set to "Alert". You can change it to drop from Objects -> Vulnerability Protection -> Exceptions (check show signatures) and search for 36729 and change the action and commit. Hope this helps. Thank you. ... View more

Oh ok....do you have any other firewall or device in the path that might be blocking the traffic. In that case, we will need to sniff the traffic when its leaving the firewall's mgmt ip and see why ssl connection to pandb is not successful (look for fin, rst and see where it is coming from). ... View more

Hi Satish, Can you change it to inside or trust interface and do a commit. And notice if you still get the same error? Thank you ... View more

Hi Warner, We have an update for the treat with content update 457. Make sure you are running latest one (Device -> Dynamic Updates). Threat ID 36729 and default action is set to "Alert". You can change it to drop from Objects -> Vulnerability Protection -> Exceptions (check show signatures) and search for 36729 and change the action and commit. Hope this helps. Thank you. ... View more

Hi Satish, Are you using Management interface or Dataplane interface to get the get the update. This is configured under Device -> Setup -> Services -> Service Route configuration. From system logs it seems issue is with the ssl connection. There can be many variables causing the ssl failures. If you are using dataplane interface (external interface) to get the update, do you have deny any any rule. Also, could you please change your interfaces under Service Route Configuration for URL Updates. (For ex if you are using default, use external or internal interface) and Commit. Hope this helps. ... View more

Hi Rkra, Yes that will completely deny FTP application the moment we receive the 1st Syn. Policy will basically look for any traffic that is coming from Untrust to Trust on Port 20 and 21. Thank you. ... View more

Hi Rkra, If you are interested in running reports for specific application you can run query for those applications. Below is an example for VoIP_Report, where I am interested in looking at sessions and bytes for sip, rtp and rtcp traffic ((name eq sip) or (name eq rtp) or (name eq rtcp)). You can also use additional filters in "Selected Columns" to view more parameters. Hope this helps. Thank you. ... View more

You will need to go to configuration mode admin@PA-200> configure admin@PA-200# delete deviceconfig system syslog-certificate ... View more

Hi Bdunbar, If you are trying to delete the cert, then simply uncheck the Syslog option for the cert. Then delete it. It should work. Hope this helps. ... View more

Thank you for those output. I think we need to address why 67.151.x.x is showing up as internal zone. Could you please send us the output of show routing route. Thank you. ... View more