Using Virtual-Wire to isolate and allow/deny traffic to a couple hosts on existing subnet.

We have a situation as a result of going through a PCI audit. We have a single subnet which contains a handful of servers that need to be isolated and traffic restricted. Originally we were going to move these few servers to a new switch VLAN changin

PPPoA config for UK

I'm configuring a PA-200 for deployment to England. I will not be on-site when the device is cabled, so I must be sure all configs are good beforehand.

England uses PPPoA instead of PPPoE.

Using the WebGUI, if I go to the IPv4 tab on the Ethernet Inter

Upgrade firewall version 6.1.1

Anybody already updated the firewall version for 6.1.1 ? What´s the step by step for the update ? Did you find any problem ?

tks

more than one mirror decryption interface

is it possible to forward decrypted traffic using more than one interface  ?

what will happen when we choose 2 eth for decrypt mirror with 2 decryption profile ?

PANOS Release 6.1.3 Required to login twice to get access

Hello,

I've a cluster of PA500 running 6.1.3.

When I try to login to the system (with the GUI), the login always fails and I'm redirected back to the login page.

After login again, it works fine...

Any idea ?

Regards,

HA

Interal Architecture of the fpga / asic for pa hardware models

Hi,

I've been searching for documentation on the internal architecture for pa5000 series (pa5050 to be precise). I've not been able to find it however. I'm especially interested in how the fysical interfaces are connected what the throughput of the di

SSL Inbound decryption and nginx webserver

Hello,

I try to configure nginx 1.6.2 (on linux ubuntu server 14.04 LTS) with fully support SSL Inbound decryption.

We're running PAN-OS 6.0.9.

Based on the document Inbound SSL Decryption Not Working Due to Unsupported Cipher Suites, I configure this o

GP gateway drops to SSL and client gets disconnected..?

Hi all -- I just noticed an odd behavior affecting all GP clients (running on PA200, PANOS 6.0.3, GP Client 2.0.3), but I haven't changed anything recently.

In looking at the System log, I see users connecting successfully ('portal user auth succ', 'p

GRE- plans to support on PAN

Hi,

Are you going to support GRE on PaloAlto in the near future?

Thanks,

Pawel

Floating IP and ARP load sharing addresses binding in A/A

Hello All,

I'm curious about spending public IP pool given by my ISP, if I decide to put PAN-s in front edge perimeter. I have seen that in A/A scenario I need 4 IP's (physical and virtual) for Floating IP scenario, or 3 for ARP load sharing (2 physic

Aggregate logs on PA-7050 across NPCs?

Hi,

I'm trying to aggregate logs across all dps in the system – right now only 2x NPC.

Using the procedure here: https://live.paloaltonetworks.com/docs/DOC-3876, the firewall says "packet-diag.log is aggregated” but where is it? Does that aggregated lo

Aruba ClearPass and User-ID

We use 802.1X on our network for user authentication and assigning VLANs dynamically. Our edge switches (Brocade) and Aruba Controller are configured to use Aruba ClearPass to authenticate each user. ClearPass uses LDAP (freeIPA) to look up users. Cl

SHA256 forward decryption on Palo Alto Networks Firewall PanOS 5.0.15

I have a private subordinate CA signed using sha256.  This is my forward decryption certificate.  The trust anchor is also sha256.

With forward decryption enabled on my PanOS5.0.15 device, the certificates generated by the firewall are signed using sh