SSL decryption for public use ?

We provide internet access for public use (wifi hotspot). For better control and visibility, I would like to introduce SSL decryption (we already use it for our internal users). But there is no way I can deploy the certificate to those users (who I d

Global Protect time out - automatic reconnect attempt?

We're experiencing this with Windows and OSX clients.

The user connects on Monday, tunnel times out after 24 hours.

User doesn't disconnect but lets the connection time out naturally.   Immediately after time out, they receive an attempt to re-auth eve

Global protect certificate

What are the steps to apply a 3rd party certificate to a global protect client instead of using a self signed cert?

Upgrade to PAN-OS 6.0.4 - a virtual wire did not come up

Hello,

I have a PAN-OS 6.0.2 box that I upgraded to PAN-OS 6.0.4.  I have two vwires: one on interfaces 1/2 and another on 5/6.  The vwire on 5/6 did not come up.  The interfaces are "up" (green) as far as the web gui is concerned. The "Monitor" shows

User-IDs Agent : Error : ldap_parse_page_control

I install User-ID Agent Version 6.0.2-3 on a Windows 2008R2.

I use the LDAP proxy on the firewall to read the AD.

I have the following message in the logs [Error 727] ldap_parse_page_control (cn = ...... (null)) return (93): Specified control was not f

Interface goes Down when speed set to 1000!

Hi,

I was getting complains for slow download speed, so I tried to change the speed setting on interface from auto to 1000, but the interface went down.

Link status:

  Runtime link speed/duplex/state: unknown/unknown/down

  Configured link speed/duplex/s

Group users in Security policy!

hi,

is it possible to group the users for a specific security policy, as in pic below, so it will look better

Thanks,

B.

OpenSSL TLS Malformed Heartbeat Request Found - Heartbleed(36397)

Hello

I have a PA-2050 with PanOS 5.0.8 and I get this message today

"THREAT,vulnerability,1,2014/08/31 16:32:08,216.75.XX.XX,213.0.XX.XX,216.75.XX.XX,10.1.5.92,Access webprv,,,ssl,vsys1,Untrust,DMZ,ethernet1/3,ethernet1/1.938,ACUNTIA,2014/08/31 16:32:

With out ARP entry internet is not working.

Dear Friends,

I have 2 interfaces in PAN->lan zone and internet zone

ISP router-huawei mac is not learned in palo alto firewall..As a result, Internet not working

But when i add static ARP entry for huawei router in ISP interface, Internet is working fi

User-ID Problems when I change the User on Group in AD.

Dear sirs,

I am facing a strange behavior in my network environment, as the identification of users, every time I change one User Group in my AD group to which he belonged fails to do correctly match the rule that created him and passes out by an "AN

NAT Traversal over IPSEC Tunnel

Guys and Gals,
I have been working to set up NAT-T across an IPSec tunnel between two PA-200's in my lab and am not having success.  I have followed documentation and suggestions I could find on this site, but I am unable to get NAT-T working and was

URL category blocked but appears as allowed!!

hi,

I've applied web filtering where I blocked ulr categories such as peer-to-peer, games etc, but in traffic logs it appears that it is allowed:

peer-to-peer url category:

and same with games category:

But it is also showing that it is blocking those ca

Problems adding an IPv4 Address to a Firewall!

Hi,

I've been looking after some Palo Alto Firewalls for about a year and half now; and I'm still not sure quite how to add an IP address correctly!  Something is definitely wrong here! 

The setup in question consists of a pair of PA5020 firewalls con