I've got a Win7-x86 VM but it's running IE9. With that in place, I am still passing 10/10. Still not running a 2000-series box with 4.1.7, though. It may be a little while until I can run a test with that specific firewall and version.
I've seen several times that on 4.1.x, with IPv6 traffic, application detection doesn't always seem to work correctly.
Youtube traffic is usually unknown-tcp, and may only be detected as youtube after several hundreds of MB's transferred.
Doesn't look like this will be solved with an application update and may need an OS update .......
Hopefully IPv6 will be better supported on Version 5 (application-id, user-id etc.)
I spun up a Windows 7 x64 VM (completely unpatched) running IE8.
Tests run great. I get 10/10 (and I ran it multiple times). This is also from a 4.1.7 PAN-OS firewall, although not a PA2000.
I'm not sure when I'll have a chance to try this with a PA2000, but if the oppty comes up I'll give it a go.
Updated PA-2020 to 4.1.8.. No change
Updated Windows 7 32-bit to Service Pack 1; No change
Updated IE8 to IE9; No change.
Installed Chrome. Same effect as IE8/IE9.
If I run Firefox 15.0.1, the test succeeds. If I run either IE8/IE9 or Chrome within 30 seconds, they pass the test.
I've shown that ICMPv6 Packet too big messages only pass though the 2020 when Firefox is used; and for about 30 seconds thereafter. So I assume the issue is in the http decoder.
Installed Opera. Passes the test.
Installed Safari. Fails consistently.
I noticed the User-Agent header was longer on the failed tests. I enabled the Developer feature on Safari. Changed the User-Agent to Firefox 4 on Windows.
Safari succeeds when it impersonates Firefox.
I've had a chance to try this with PA5000 and also PA500, with 4.1.7 and 4.1.8. Using Win7x64 with IE8, I can't make it fail. It's either something about the PA2000 or something in your environment. I'll keep looking for a 2000 to try this out with.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!