General Topics

Service settings in a NAT

I ran across this setting this morning- when setting up a NAT rule, you can specify a service or service group. Cool, but is there a reason to do that when a policy is necessary to open a service port?

Error Checking credentials - Gateway Timed out

Hi There,

  I have installed Minemeld on my Ubuntu Server 14.04.. And the service is up and running.. Wheneve I use the default Username and Password to logon to the console, it gives me an error "Error Checking credentials - gateway timed out".. I ha

Management server failed to send phase 1 to client dhcpd

My HA is not in sync because I am getting above error message. 

Are there like basic troublehsooting steps/docs which I can do?

Global protect authentication LDAP not working fine

Hi, we have GlobalProtect configured using a LDAP group for authentication in the VPN "cn=groupvpnusers,ou=_generic_groups,dc=it,dc=xxxx,dc=local"

When we commit this new config using vpn group in Auth profile, the GP authenticacion is working fine b

Discussion on most stable PAN-OS image as of July 2016

I am going through some cleanup of our PAN firewalls. We have 8 sites with active/standby pairs of PAN's. The sites are connected with IPSEC VPN's. The code varies from 6.0.3 to 7.0.4 versions.

What's your feeling on the most stable 7.X code as of no

VPN question

Hey there,

I was curious if anyone successfully used another VPN client on their IOS or Andriod device that works.  I was told that with X-Auth/IP-Sec the Cisco Anyconnect client worked but it appears that the new 4.0 client does not (am I wrong?).  

Skype Enterprise

Hi,

I need to create a rule to make run Skype enterprise. I don't find an app for skype enterprise so i tried to create a rule with only skype and ms-lync-online but it's deny with the destination port 5061...I don't understand.

does someone has an id

TRAPS and Reverse Proxy

Hello Folks,

I have recently installed a ESM core and console server. I have added a URL re-write rule to allow my traffic to be proxied through this server. The issus is that the web based traffic is rewriting no problem. Its the communication on po

Pokemon-go

The following custom application can be created on the Palo Alto Firewall to identify Pokemon-go traffic

postscript-pdl application classification - buggy

We are setting up a new printing zone on the PA and have created a rule that allow the following applications , postscript-pdl, hp-jetdirect, lpd, snmp. It allows one page to print to the printer and then it stops. After much testing we added a secon

Allow streaming-media for training sites that use youtube links

One of out departments recently purchased access to an online training site that uses youtube to play some of the videos within the courses. We block all streaming-media on our network as a general rule on our PA 3020. I would like to allow access to

Source users no longer showing up in Monitor and ACC

A few weeks ago I noticed that in our firewall suddenly all the Source User fields are showing blank. This is very strange since it happened without any changes being made to the firewall or the Domain Controller. We populate user IDs using LDAP. All

vwire using a single physical interface possible?

Right now we use a standard vwire with 2 physical interfaces.

We're about to make some hardware changes that means that the vwire input and output will be from/to the same physical switch.

If I have to use 2 interfaces then on that switch I'll just b