About Rham

Is the user-id bug with hyphens also fixed? How is this available, only on tac case? ... View more

Hello, some users say, that vMotion is possible, but for what i know, vMotion is officially not supported, might be interesting in a support case. Furthermore only HA-Lite is supported meaning no session sync. I would say a VM-Edition is useful for controlling traffic inside a datacenter or something similar, but for security reasons I would never use a vm as perimeter. ... View more

Hello, this might help you: PAN-OS 6.0 CEF Configuration Guide ... View more

Hello, this will help you. Re: How to Schedule Configuration Export How to Submit a Feature Request Regards ... View more

Hello jhickey, are you sure? Panorama should be able to forward logs to external devices (e.g. syslog). From Panorama Guide 6.0 p95: Panorama allows you to forward aggregated logs, email notifications, and SNMP traps to external servers. Forwarding logs from Panorama reduces the load on the firewalls and provides a reliable and streamlined approach to combine and forward syslogs/SNMP traps/email notifications to remote destinations. To forward device logs that are being collected on the Log Collector Group: Panorama > Collector Groups > Collector Log Forwarding tab Select the subtab for each log type: System, Config, Traffic, Threat, HIP Match and WildFire ... View more

Hello, you can search for CVEs here https://threatvault.paloaltonetworks.com/ There is already a Question about that CVE New Zero-Day Exploit targeting IE9-11 CVE-2014-1776 ... View more

Hello, maybe this helps you for your cisco device: Configuring the IPSec SA Idle Timer Globally To configure the IPSec SA idle timer globally, enter the crypto ipsec security-association idle-time command in global configuration mode as follows:  Router(config)# crypto ipsec security-association idle-time seconds  In this command, seconds specifies the time, in seconds, that the idle timer will allow an inactive peer to maintain an SA. Valid values range from 60 to 86400. Configuring the IPSec SA Idle Timer per Crypto Map   To configure the IPSec SA idle timer for a specified crypto map, use the set security-association idle-time command within a crypto map configuration beginning in global configuration mode : Command Purpose Step 1  Router(config)# crypto map map-name seq-number ipsec-isakmp Creates or modifies a crypto map entry and enters crypto map configuration mode. • map-name—Name that identifies the crypto map set. • seq-number—Sequence number you assign to the crypto map entry. Lower values have higher priority. • ipsec-isakmp—Indicates that IKE will be used to establish the IPSec security associations. Step 2  Router(config-crypto-map)# set security-association idle-time seconds Configures the IPSec SA idle timer. • seconds—Time, in seconds, that the idle timer will allow an inactive peer to maintain an SA. Valid values range from 60 to 86400. ... View more

Hello, best to start here User-ID Best Practices - PAN-OS 5.0, 6.0 ... View more

Hello, there is already a thread about Heartbleed OpenSSL Heartbleed bug: CVE-2014-0160 ... View more

Hello, I do not know if you mean that, but the hourly message is a bug in 6.0.0. 60816 Following an upgrade to PAN-OS 6.0.0, syslog connection status warnings for all defined syslog connections appeared in the system log every hour and were categorized as critical. This was caused by a scheduled hourly rotation of the syslog-ng log file, during which the syslog-ng daemon would restart. This issue has been fixed by adding a condition to the log file rotation process requiring the log file to be 10 MB or more and the connection status warning will only be seen once every few months. There are also some other comments concerning this Re: System Alert: high:Syslog connection established to server SYSTEM ALERT : high : Syslog connection established to server ... View more

Hello, this might help you: Migration Tool As far as I know, there is no direct access to the tool, you need to get it from your sales rep. ... View more