Wildfire

So currently I am using wildfire but only choosing to forward the file. Is anyone using the block option? If so are what are the pros and cons?

vwire & VLAN tagging?

Hi all,

Is there any issue with configuring a vwire for both tagged and untagged traffic. For example use VLAN tag 0 AND whatever my real tags would be, like 1, 100, 200, etc. I'm assuming it will be fine since there is an option for 0-4094.

Any issues

User-ID Group Mapping for Multi Domain Single forest

Hi everyone.

I'm trying to setup a User-ID installation for our multi-domain Active Directory environment.

Here is a rundown on what we have

DomainA = Workstations, groups, users, servers, etc. The main domain where everything is conducted

DomainB

Losing group mappings suddenly

Hi, 

We have a PA3020 with PanOS 6.1.10. We are having problem with any groups, suddenly the Palo Alto loses group mappings in 2 groups and the rule stops matching, we dont know why PA stops identifying the groups.

I have checked the useridd.log

Aggregate Ethernet Considerations

Hello Everyone, 

I just want to double check my understanding of AE interfaces limitations indicated below. Appreciate your feedback.

1. I cannot mix 1G copper interfaces with 1G fiber interfaces in the same AE. Is this correct for all platforms

PCoIP traffic getting dropped because it's using SSL

I have VMWare View clients and I'm trying to set up the rule with the vmware-view App-ID, but the traffic gets dropped at PCoIP. The PA logs are showing tcp/4172 as SSL, even though PCoIP has port tcp/4172 defined.

Is this an issue with the App-I

Globalprotect and simple SSL VPN?

It appears that, after a user has authenticated to a Globalprotect portal for the first time, they are prompted to download and install client software. Does Globalprotect (or Palo Alto in general) provide the option of simple client SSL VPN? ie; whe

Upgrade 6.1.x to 7.0.x

In the release notes of 7.0.5-h2 there is now this information:

Before you upgrade to PAN-OS 7.0.3 or a later PAN-OS 7.0 release, you should review the information about how to upgrade
a firewall to PAN-OS 7.0. Additionally, if virtual system (vsys)

interconnecting two shared Gateways

Hello Is it possible to connect two shared gateways on the same firewall using some internal method and not using physical interfaces ?

Service expiry

Hi,

What are the services will e stopped  if thelicence  expired ?

Thanks

Bug in password-string when using GlobalProtect with LDAP?

We had some users, who were not able to use VPN. they alway got XML parse-errors in the GlobalProtect Agent log.

We finaly found out, that this users had '<' or '>' in theire passwords. when thy changed theire passwords in some string without these