url-filtering

Hi,

In url filtering adult-and-pornography blocked . But la-xxx.com can accesible
xxx.com not blocked

1)
test url la-xxx.com

la-xxx.com adult-and-pornography (Dynamic db)

2)
test url xxx.com

xxx.com adult-and-pornography (Base db)

other info
----------

show ur

Two L3 interfaces on One Zone

 Hi,

in the setup of the above diagram , I need to run OSPF on Paloalto between two Core-SWs, so I have to create two L3 interfaces  Point to Point with the two SWs.

the two core-SW is considered as inside for me , so from the prespective of routi

how to add my own bulk IOCs into Minemeld

Trying to find a way to do this with some of the miners but it seems that you can only add 1 indicator at a time.

Syslog Miner different confidence values.

Is there the way to separate traffic and threat logs from syslog miner to be directed to diferent outputs based on confidence. What i mean is something like that in rules:

conditions:
  - type == 'THREAT'
fields:
  - misc
  - url_idx
indicators:
  - src_tra

Troubleshooting ipsec tunnel setup.

I have setup ipsec between PA200 and cisco device. When trying to bring tunnel up not even able to establish phase1.

Getting following errors in logs. I have keyed in pre-shared key again on both the sides.

ikev2-nego-child-start:'IKEv2 child SA negot

Globalprotect - User-ID - missing domain prefix - group mapping not working

Hi

I have been trying to get User-id / Group mapping to work in one of our installations but without any luck

Tried both Radius and LDAP authentication.

I do see User-ID / IP mapping - but the domain prefix is missing.

"10.253.250.1 vsys1 GP sensagummi

GlobalProtect client upgrade "Prompt" file location?

We are using the GlobalProtect Agent Upgrade Process "prompt" method to upgrade our users GP client. We are having issues with our last version upgrade to GP 3.1.1 on all of our PAN firewalls, where some of our clients get this message - "The program

Can i configure duplicate IP's in seperate interaces in seperate VR on a single VSYS or seperate VSY

hi,

am i a able to configure same private address on seperate sub-interfaces on 2 different VR's.

VR can be part of same VYS or seperate VSYS.

We have purchased PA-7050.

PA drops traffic apparently without NO REASON

Hi All,

I have PA 2050 with panOS version --> 7.0.9

I have two rules:

Rule 4 --> Permit for svc-casse application as (ssl, ms-updated ecc)

Rule 5 --> Cleanup for svc-casse

That's the situation check :

RULESLOG

Really really strange behavior I never seen

Info Wildefire analysis and wildefire in antivirus profile

Hai all

after the upgrade to new version of pan os(7.0.13) i found some difference in security profile. Can you help me to understand the difference between:

- Security Profile > Antivirus > wildefire action

- Security Profile > Wildefire Analysis

is A

Application Filtering and Basic Setup

Hi All,

I would like to ask the FF.

1. I want to use Application filtering but permits web browsing.

         - Enabled App filtering, Permit Web-browsing, SSL and DNS but I can't browse and launch any website. Any idea how to permit only browsing on