NAT - link local IP addressing

Greetings,

During NAT, can the PA act as a proxy using link local IP addressing (IPv4).  I know we cannot with IPv6.

Cheers 

QoS default Class 4

Does anyone know the default Priority level of Class 4 when a Class 4 is not specifically defined in the QoS policy?

Palo Alto logs shown differently

Hi All,

I have a query regarding Log monitoring. The logs for one user shows the entire subnet, where as for another user it shows that particular IP. May I know the reason behind it. Is there any setting that need to be changed or is it due to per

Max virtual routers?

Take the 3020 for example which can have a max of 10 virtual routers.  Is that 10 VR's per vsys or 10 shared between any/all vsys's you have on the box?

IMAP long tag anomaly

I know this was kind of asked here, and I was wondering if the best option would be to create a rule like the one mentioned in this post..

https://live.paloaltonetworks.com/t5/General-Topics/SMTP-long-MAIL-anomaly-Vulnerability-30392/m-p/2327#M1718

NAT over IPSEC VPN without an IP on the Tunnel interface

Does anyone know if it is possible to NAT over an IPSEC VPN without assigning an IP address on the tunnel interface itself?

I tried but it doesn't seem possible.

Help!

Thanks,

Duane

Can not download Software or Dynamic Updates on PA-200 w/7.01-b19

I cannot download Software or Dynamic Updates on PA-200 w/7.01-b19

Cleared all logs and also reviewed tech note "How and When to Clear Disk Space on the Palo Alto Networks Device"

Reviewed LiveCommunity and deleted files in the pcap directory and

Site to Site tunnels does not failover

Hi All,

We have several site to site VPN tunnels built for different clients. We have PA500 in HA mode. When we do a failover, general traffic does succesfully failover to secondary, but the VPN tunnels does not failover and all the tunnels shows d

Global Protect Pre-Authentication driving me nuts

Hi.

I'm trying to configure pre-authentication on my Global Protect portal.

I've followed this document until I'm blue in the face, but every single time I attempt to logon to my test environment, I get

the ssl-vpn web page do not show up

PAN OS: 4.0.10

> less webserver-log sslvpn-error.log

default:1 main  Error: Can't access DocumentRoot directory

   default:1 main  Error: Ignoring bad directive "DocumentRoot" at line 181 in /etc/appweb/sslvpn.conf

   default:1 pool.1  Error: 404 "Not Fo

Mitigating risk of not decrypting "online storage and backup" URL category.

We've been having some issues with websites like DropBox, Hightail etc since configuring SSL Decryption. I believe this relates to a security technique called "Certificate Pinning". I've resolved the issue by adding the "Online Storage & Backup" URL