Proxy id between Palo Alto firewall and Cisco ASA

Hello Experts

PA side there are two subnets: 10.0.1.0/24, 10.0.2.0/24 and Cisco side there are also three subnets 172.16.1.0/24 , 172.16.2.0/24.

On PA firewall, I defined the proxy-id as below:

proxy-id1: local: 10.0.1.0/24 remote: 172.16.1.0/24 

proxy

Blocking Bittorrent

I have setup two rules for blocking bittorrent on a particular zone.  First rule is set to Deny Trust to Untrust using an application filter built with P2P applications.  Second rule is set to Deny Untrust to Trust using the same application filter. 

Please explain the PanDB/Brightcloud's category “not-resolved”？

Hi,Guys: I found the category "Not-resolved" in device GUI(Both Pandb and Brightcloud), I searched it in paloaltonetworks.com and brightcloud.com website, But could not get any description about it. Any guy explain it ? Thanks Victor.Bai

Adding NAT rule order in Panorama cli

Hi all,

I am looking to add around 60+ NAT rules for monitoring over IPsec that requires a policy NAT. I need to have them above another rule in the list for it to work. It is a very messy NAT list that I don't have the freedom to clean up. The NAT e

PA allowing IM (viber,line,zalo) | PA policy process

Hi,

target is to allow im apps but modify categires.

I have created a policy allowing IM and modify most categories as block. 

Policy sample:

Policy is SRC: 192.168.x.x | DST: any | Srv: any | App: IM (viberbased,im,googlebased,ssl) | Url:BLK_CATEG

BL

URL Filter vs. Type in firewall?

Does the URL filter at urlfiltering.paloaltonetworks.com have anything to do with how a Palo Alto firewall classifies the 'type' of site?

I noticed that there are some sites that our firewall classifies as 'spyware' that the URL filtering site classif

Global protect error certificate

Hi,

We are having problems with globalprotect. We have tried installing several GP client versions 2.3.1,2.3.5 and 3.1.3 but the result is the same.

We cant connect using Windows or MAC, we receive a certificate error.

We read in the KB paloalto that c

How to blok vbs file into zip file?

Hello, I am getting lot of files (worms) through smtp as vbs file which are put to zip file. This zip file is not encrypted. How can I block this threat.?

GlobalProtect : Need a VPN that separates users into different VLANs; is this possible w/o Panorama?

I need my client VPN to support different vlans based upon authentication to either Microsoft NPS or LDAP groups.
I want a different vlan/IP assigned to the user depending on which group in Active Directory they are in.

Is this configuration possible w