Agentless UserID in a MultiDomain Environment

My first question would be is it possible to configure a firewall with no vsys license to query more than one domain without deploying the UserID windows agent?

My second question would be if yes then how given that there is only 1 WMI authentication

Thoughts on a set of application rules?

I was messing around in the interface today and had a thought as for rules and am curious what other might think.

I created a group of rules for a particular zone/AD User group.  Something like this

Allow but do not log (DNS for example)

Allow these app

PA-VM on ESXi - L2 Topology Design Questions

I'm looking to deploy a pair of PA-VM 200s running 7.x on a vSphere 5.5 cluster and would like a sanity check on the design.

My client's network currently has one large VLAN that houses most of their servers.  For the sake of this example, we'll say i

VPN s2s PA and Mikrotik

Hello

I have new tas - make VPN s2s between PA200 and Mikrotik router.

PA  (PA 200 on 6.1.4) has Advanced phase mode 1 optios set to AUTO and "anable passive mode" not checked

Mikrotik (751U-2HnD with latest 6.30 router OS) is in aggressive mode.

It's qu

Can User-ID agent 7.0 be used with PAN OS version 6.x?

I can't see anything in the documentation that mentions the requirements.

Can I update our existing User-ID agents to version 7.0 and have them still work without updating our firewall code (6.1.3 / 6.1.4) at the same time?

Applications and Threats auto-update issue

I have an issue where all of my definitions auto-update with the exception of Applications and Threats.

Previously, I had Applications and Threats set to download only.   About a month ago I changed it to also install.   Since that time, I've still ha

Tips to improve mgnt tasks in a PA-2020

Hello Everyone,

Does anybody knows any tips to improve mgnt tasks (policy changes, monitors checks, commits... etc etc) in a slow box PA2020?

I am working w/ this model since november 2013 and I am facing so many problems w/ slow response during manage

Google-Earth app issue

Hello Friends,

we have to allow only Google-Earth app for specific group of users but as SSL,web-browsing are its Dependent Application and need to allow as well, once allowing users also able to use yahoo , rediff and other urls

we have to control tha

Different severity WebUI-Traps

Hi, we have had this vulnerability (ANGLER Exploit Kit Detection (37796)  in our LAN, and we realised that PA classified this vulneratibility in the WebUI with severity CRITICAL but in the traps and syslog that we received the severity for this vulne

Check_mk Package for snmp statistics

Hello

Currently I use the standard snmp statistics in my monitoring tool check_mk:

And for Sessions I use this packages Check_MK Exchange - Mathias Kettner

I'm looking for a package to monitor the firewall throughput, threat prevention throughput and IP

Anyone integrating 3rd party threat intelligence/malicious IP feeds into Dynamic Block Lists?

I'd love to integrate lists of known malicious IPs like those in the links below into dynamic block lists, but I'm worried about overblocking or a bad feed hosing us.  Has anyone used feeds similar to the ones below, either free or paid?  What was yo

Upgraded from 6.1.4 to 7.0 VOIP unable to receive external Calls

Good Day,

We recently upgraded from 6.1.4 to 7.0 prior to the upgrade all of the remote VOIP phones operated properly, however after the upgrade we were no longer able to receive external calls from anyone. IP phone to IP phone work fine but not able

2 Factor with Palo Alto, best solution?

What does everyone have setup as far as 2 factor goes?

I have a consultant here and we're thinking about going to the Microsoft MFA server route. Seems ok but not very flexible for things other than VPN.

Any feedback on other solutions would be appreci

How can I configure Global Protect for on-demand as well as pre-logon

Hello,

I have a scenario whereby I need to offer an on-demand VPN solution to untrusted endpoints as well as an always-on solution for my trusted endpoints. Running through guides I have been able to run a pre-logon VPN that has successfully allowed m