About mgillette

Hi All,   We have just had an interesting experience when trying to migrate to version 8.1.11-h1. Basically what appears to happen is the firewall is thrown into a boot loop. We just have a single 5020 - no HA and all the normal lights come on after a reboot, the STS light is amber for about 30 seconds or so and then the lights turn off - rinse and repeat.   After about 30 mins or so I was presented with the maintenance window  - when I connected via serial console and was able to downgrade to version 7.1.18 again. Then I decided to try the base 8.0.0 release, the exact same issue occured only this time I didn't wait 30ish minutes to downgrade - I gave it 5 boot loops and called time on it.   When 8.0 was relased I did download that in preparation for the move, so I'm just wondering if over time (and a few version 7 upgrades) that something corrupted this image perhaps?   How have you guys gone with upgrading to version 8? any tips on where I can go from here?    Thanks! ... View more

Hi PAN Community,   I work for a school and we have issues with student VPN use - specifically x-vpn, hotspot shield etc. We have rules in place that take care of the proxies and standard VPN applications and have SSL decryption and URL blocks in place for stuff we don't want students to access ie, pornography.   I found the following reddit post which details similar issues: https://www.reddit.com/r/paloaltonetworks/comments/6ydcw7/how_are_you_all_blocking_personal_vpns_like_nord/   Which seems to suggest blocking ip ranges. Before I go that far, I thought I'd ask the community to see if anyone else has encountered something similar.   Cheers! ... View more

Hi There,   We have a hosted mitel voice solution that we are seeing call quality issues in the inbound direction, ie calls in. I am attempting to troubleshoot this with our provider and they are seeing SDP attributes being added from our firewall.   I'm relatively new to the voice game so please excuse the ignorance! I have disabled SIP ALG and applied QOS as suggested here https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/quality-of-service/use-case-qos-for-voice-and-video-applications    Setup looks like:   PAN ---------------- Ubiquiti Edgerouter Pro --------------- ISP juniper   I'm at a bit of a loss as to where to look next - just as a test I spun up a freepbx system and connected a phone to that and am able to make calls inbound and out without issues so I am confident that the firewall is classifying everything and rules are doing what they should.   I should add theat the issues are only with softphones, we have mitel branded handsets and cisco ATA's that don't have issues with inbound quality.   So the question would be, what would add the SDP attribute and where should I look to resolve this?   Thanks in advance         ... View more

Hi All, I have an issue with SSL decryption and using the inbuilt CA. What appears to happen is that various parts of SSL websites don't trust the CA on the palo alto and as a consequence sites do not load fully and report various certificate issues. This is what https facebook looks like: The corresponding browser complaints: I'm running the very latest OS 4.1.6 but I was running 4.1.3 and this problem was evident then as well. I've tried uploading a trusted certificate from rapidssl and I don't get the option to select that is a valid certificate for a forward SSL proxy which is understandable as I don't have a key. So I'm obviously doing something wrong - whats the accepted procedure to get this up and running? Thanks in advance for your help ... View more