About mbutt

That is correct it is a feature of 6.0 release. Thanks Numan ... View more

If you need to setup links to two separate firewalls then you will need to configure active active HA. Here is a guide that explains the deployment scenarios Configuring Active/Active HA PAN-OS 4.0 Please ensure that you are not trying to get double capacity by using Active Active because if you have a failure of a device a single device will not be able to hold the load of two firewalls. Hope this helps. Thanks Numan ... View more

Here is a doc that explains on how to exempt an ip address from threat profile How To Add Exempt IP Addresses From the Threat Monitor Logs You can use the above doc so it will not scan that. Here is another useful doc regarding threat prevention. Threat Prevention Deployment Tech Note Let us know if this helps. Thanks Numan ... View more

Hi Chris, As i recall similar issue has been seen and are fixed in 6.0.x code. Here is the bug detail from the release notes of 6.0.x 56107—Addressed dataplane restarts that occurred intermittently on the PA-3000 Series devices deployed in an HA configuration. Thank you Numan ... View more

If you have 6.0 installed software you can use a new find CLI command to find any command with the key word. Here is an example §admin@PA-500> find command keyword   CLI keyword <Enter>   Finish input admin@PA-500> find command keyword fpga debug device-server set configbasic|tdb|fpga|all> debug device-server unset configbasic|tdb|fpga|all> §Find configurations in configure mode admin@PA-500# find command keyword "asymmetric“ set deviceconfigtcpdrop|bypass> set network profiles zone-protection-profile <name> asymmetric-path <global|drop|bypass> This will reduce the use of the CLI guide and also help in finding relative commands quickly. Hope this helps you with the usability question. Thanks Numan ... View more

Below are the docs related to the above questions. Dual ISP Branch Office Configuration How to Configure Dual ISP Network with GlobalProtect VPN using 1 Virtual Router and Policy Based Forwarding How to Setup a Palo Alto Networks Firewall with Dual ISPs and Automatic VPN Failover Dual ISP with dual GlobalProtect portal and gateway Let us know if they resolved or helped you configure. Thanks Numan ... View more

When creating a Inbound NAT make sure that you source address is the address of where the traffic is coming from. In this case of the camera. Your destination address is the public interface IP on the palo alto firewall. Since you have them hidden and not described in the above question not sure if that is what you are doing. Please confirm that. Following document from page 15 explains different destination NAT scenarios. Understanding PAN-OS NAT Please let us know if this helps. Thank you Numan ... View more

To be sure have you added the users in or groups in the security policies on the firewall. If you have not done that then you can create security policies with the users groups or users and restrict access for the other users. Example of the policy with user groups defined is below Thank you Numan ... View more

Following doc explains on different Decryption Certs SSL Decryption Certificates Hope this helps. Thanks Numan ... View more

Since i was on later version. I am not sure if there is a bug on 5.0.6 or not but when i tested in the lab on the latest version it was working. Is it possible that you can upgrade and see if the issue gets resolves. Let us know if upgrading helps. Thanks Numan ... View more

Hello, If you go to live.paloaltonetworks.com login then select documentation on the left tabs then click on categories Enterprise SNMP MIBS you will see MIBS for different PANOS versions or you can also try clicking on the following link to see if it takes you directly to that page and select mibs Documentation Let us know if this helps. Thanks Numan ... View more

Below are the steps that i would take to troubleshoot but be sure to turn off all the debugging after you are done. Since this is CPU intensive and make sure setup filter on traffic that you are interested in debugging. Hope this helps. Thanks Numan 1. Need to setup the filters for the traffic we are interested in. To do this, execute the following steps: Navigate to Monitor--Packet Capture Click 'Manage Filters' Set Filter ID 1 to be the source IP and destination IP of traffic you feel is affected ( leave all other fields blank ) Set Filter ID 2 to be the exact inverse of what you did in step 3 (destination IP in source field, Source IP in destination field) 2. Setup up the captures Create and name the file stage for a packet capture on all the stages (receive, transmit, firewall and drop) 3. setup the flow basic debug dataplane packet-diag set log feature flow basic debug dataplane packet-diag set log feature ctd basic 4. Clear old logs flow basic logs debug dataplane packet-diag clear log log 5. Enable filters, captures and logs debug dataplane packet-diag set filter on debug dataplane packet-diag set capture on debug dataplane packet-diag set log on 6. open 3 CLI windows on 1 run the following command to look at the counter ( make sure it run this command once before running the traffic) show counter global filter packet-filter yes delta yes on the 2nd window run the following command to look at he sessions show session all filter source <ip address> destination <ip address> On the 3rd window run the tail for the flow basic tail follow yes dp-log pan_task_* 7. Now run the test  while it fails . 8. Turn off all the debugging that was enabled debug dataplane packet-diag set log off debug dataplane packet-diag set filter off debug dataplane packet-diag set capture off 9. Aggregate the flow basic logs CLI command (be sure to do this AFTER disabling the data plane debug logging such as flow basic): debug dataplane packet-diag aggregate-logs ... View more

Following document provides step by step instructions on how to submit category change on PANDB How to Submit a Mis-Categorized URL for PAN-DB Let us know if this helps. Thanks Numan ... View more

Yup hence the question did the firewall switch over. Thanks Numan ... View more