About MikeSangray2019

Did you submit a feature request for this? I am working on a project with the same need - multiple forward trust certificates. ... View more

Working on this again, still no change in behavior. Does anyone know if this has been addressed in any 9.1 or 10.x releases? The log format changes based on if Default logging or Custom Format is used, so the sourcetype isn't set correctly (Splunk).   DEFAULT (sourcetype is set to pan:config, this is correct and working, but no before/after change detail) <14>Aug 15 14:06:53 PA-1 1,2022/08/15 14:06:53,016201015409,CONFIG,0,0,2022/08/15 14:06:53,192.168.1.10,,edit,adminacct,Web,Succeeded, vsys vsys1 address configlog_testobj,24838,0x0,0,0,0,0,,PA-AMA-Pri,0,   CUSTOM FORMAT (sourcetype is set to pan:log, the before/after change detail is present, but the sourcetype is wrong) <14>Aug 15 14:18:57 PA-1 0x0 adminacct "configlog_testobj { description ""test change 90""; } " "configlog_testobj { description ""test change 80""; } " Aug 15 2022 19:18:57 GMT Aug 15 2022 19:18:57 GMT Web edit PA-AMA-Pri 192.168.1.10 vsys vsys1 address configlog_testobj 2022/08/15 14:18:57 Succeeded 9.1.12-h3 24843 016201015409 0 2022/08/15 14:18:57 CONFIG ... View more

Can I use a sub-interface for service routes as well? ... View more

It looks like it's more than just an iPad. It's both iOS and Android devices. They are triggering the host sweep alert when communicating with Internet addresses which appear legitimate, so this is either OS or app traffic. I do know that if it's not successful (blocked by the firewall) the device may not function correctly as it can't confirm an Internet connection. ... View more

That's not working. As I noted in my update I have tried setting a custom log. Doing this changes the way the logs are parsed either with pan:config or pan:log. " When I set a custom log format and test changing an object name on the firewall, the logs are parsed as pan:log (not pan:config) and I can see the change detail in the raw event message, but now I've lost the other fields since it was parsed as pan:log."   Does anyone have this working? I want to believe this is just something with my config that I can fix, but I haven't seen many posts that this works for others. ... View more

Closer, but still seeing an issue.   Firewall config events are being parsed as pan:config, but without before and after change details. Other details are included, but before and after change details are both 0.   When I set a custom log format and test changing an object name on the firewall, the logs are parsed as pan:log (not pan:config) and I can see the change detail in the raw event message, but now I've lost the other fields since it was parsed as pan:log. ... View more

Same issue on a pair of 3320s. Rebooted the passive firewall, but no change, still red. ... View more

So Option 2 sending to both Splunk and Panorama is feasible and not a strain on the firewalls? If so, then this is the option I'm leaning toward since it would help provide another layer of redundancy for log shipping. ... View more

I understand the path, my question is about HA.   Can I upgrade one of the firewalls all the way to 9.1 and then upgrade the second firewall to 9.1 or do I have to do one to 9.0, then the second to 9.0, and then upgrade to 9.1 on the first and then 9.1 on the second. ... View more