About BPry

@selvin.bkng, Personally hadn't seen that this was a bug in the beta on any of my installations, thanks for sharing the thread.  ... View more

@AllanRaskin, That's not really a thing with static route monitoring. You could set an artificially high preemptive hold timer which would prevent that failover until the link has been stable. This is slightly limited, but since it can be up to 1,440 minutes that really shouldn't be that much of an issue.  ... View more

@tom.mccomb, Do you have an option of creating a version of the site that works internally without the reCaptcha? The last time I looked into this issue I wasn't able to come up with a good solution that worked consistently.   ... View more

@marcoiac, 5.1 and 5.2 builds of the agent are working fine on Big Sur. If your university is still pushing out 5.0 agents the only "fix" is that they publish a newer agent or you otherwise gain access to a newer release of the agent. Your university IT staff can supply the proper PKG of a newer agent, but presently the license agreement doesn't allow me to share those files with you.  ... View more

@Joshan_Lakhani, I'm not aware that PAN has an internal bug report for this yet; I simply verified the behavior across multiple lab instances running 9.1.2 through 9.1.4 to see if I could replicate the behavior. Since we can replicate the behavior and we know that it worked in 9.0 properly, it's a bug that appears to have been introduced in 9.1.  If you aren't planning on opening a bug report please let me know so that I can open one with TAC. ... View more

@Sergio_Gonzalez, Contact your IT department. It sounds like they may have let the portal certificate expire.    ... View more

@Joshan_Lakhani, This appears to be a bug in 9.1.3-h1 and 9.1.4. I would open a TAC case and report it, but the query isn't accepting eq as an operator anymore.  ... View more

@jonathan_andrew, You really haven't given us anything to help you if you aren't supplying the relevant security or nat rulebase entries.    What are your logs showing you when you attempt to access the resource. Are you seeing traffic hit your nat statement or your security rulebase entry, or is the firewall just not even seeing anything come across?    ... View more

@AndrewPaloAlto, App-IDs are a collection of identifiable information (traffic signatures, protocol decoding, heuristics) which is able to identify traffic to a particular application without relying solely on port information like in older L4 deployments. These are updating constantly because the applications themselves don't stay the same, or PAN removes false-positives or expands coverage of an app-id so that it properly identifies even more traffic.  An example on why this can cause an outage would be if I configured a security rulebase entry that allowed the app-id SSL over a service object that maps to tcp/636. If a future content update expands coverage of the app-id ldap so that it starts matching traffic within my environment, I would no longer have a security rulebase entry that would allow the traffic to pass. IE: A rule allowing ssl on tcp/636 wouldn't allow traffic being identified as ldap on tcp/636 because the rule no longer matches the traffic.    If I have a few rules in place regarding allowing some configured alerts, are those configured alerts considered App-IDs? This question is unclear in what you are actually asking. What exactly do you mean when you say that you have rules in place regarding allowing some configured alerts? Configured alerts for what, the firewall or some industrial equipment? App-IDs are the applications that you specify within the security rulebase entires; some of these are application containers which are made from multiple individual app-ids, but that's getting slightly into the weeds of things.  ... View more