Statefull or not statefull

We recently purchase pa3020s for mainly application control reason and put them behind cisco ASAs.   I set up trust-to -untrust policy which applies to outbound internet traffic. I denied unwanted apps and allowed rest using user group mapping.   tha

globalprotect client for android

I have the globalprotect client installed and working for pc's but I downloaded and installed the client on my android and it looks like it is trying to connect or is connecting then it pops up my username and password box again. I checked the traffi

Globalprotect vpn access permissions

I want to give different access permission to different group when they access the network using the globalprotect vpn client. I have it configured but its now allowing me to pick the specific group that I want the access for

URL Filter Question

Does PA not do DNS lookups on URL filtering?

We have an FQDN being blocked as malware, but the site can be accessed if the IP address is used.

thx

//moe

packet (5) shorter than isakmp header size. - LINUX Clients

Hi,

We configured remote vpn access in our PA-3020, and we are experiencing some issues with Linux clients. People who are using Global-Protect client work fine, but people who use vpnc client suffer service disruption in SSH or using GIT repositories

Firewall between host and gateway

Sorry if this is really basic but...

I have configuration where, we've added a gateway to a subnet that we only want one host to be able to access to get offsite.  The gateway is on the other side of a vwire in the same subnet space obviously but in a

Delay with User-ID and Captive Portal

HI,

This is only theoretical for me as I don't use captive portal (yet) but I noticed a problem.  I am successfully authenticating pretty much all my users, but quite often I see a few flows at the start of a user session which doesn't have a user-id.

How to get PA-200 Split Tunneling Internet traffic only logs to forward to Panorama?

I have split tunneling setup on my PA-200.  I have the logs being forwarded to Panorama.  I would only like the logs from the Internet traffic to be forwarded to Panorama.

I don't want the VPN tunnel traffic logs to be sent to Panorama.

I have three se

PA URL FILTERING UPDATES force to update the HA peer

Hi, i have 2 palo alto 2050 in HA (active/passive). The active HA has intenet acces in order to take the palo lato updates but the passive PA doesnt have access to internet. The problem is that the active PA has a URL version updated but the passive

Easy way to view all packets dropped by Anti Spoofing?

Is there an easy way to view all packets that have been dropped by Anti Spoofing?

Webui cert for HA PA's

I am trying to assign a external cert to the webui so I don't get the warning message anymore? I imported my cert to the primary box and the setting did not fully synchronize to the passive box. I noticed there is an import and an import HA, do I hav