General Topics

Security Policy-by Computer Name in domain

Hi,

I have a requirement from a customer, that he doesn't want user based security policy for a certain location.

He want that only specific computer names which are in domain should be blocked for certain application.

Is this possible using global pro

Redundant Ports

Hi,

the customer is looking for a redundant ports as there looking for a cross connection between two different switches.

is this possible? etherchannel/aggregate port configuration doesn't solve that issue as aggregate port goes in the same switch onl

PBF ISP Failover with one ISP interface as DHCP client

Hi all,

I have a client who has (for reasons beyond my ability to comprehend) decided to be pathologically cheap about one ISP link at one of their sites (running a PA-200), and are dropping their static IP in preference for more bandwidth at less cos

List of custom risks

Hi,

Just started out configuring a new PA3020 and decided to block all risk level 5... there are a couple of apps that I wanted to allow through so re-graded them risk 4.

In the future I want to ensure this is manageable, is there somewhere on the syst

Active Directory Users not Authenticating to GP

Hi,

We configured agentless User-ID with our PAN OS 5.0.2. We created policies using the AD usernames and it is working fine.

However, We are trying to configure our GP to authenticate using the AD users. This is not working and we are getting the foll

Update routing table based on PING results

Does anyone know if the PA supports dynamically updating the routing table on a PA FW based on PING results?  Some vendors refer to this as IP SLA.

thanks

Daniel

Best practices for HA PANs and switch stack

For this scenario, assume a simple setup. Two firewalls in HA and two switches in a stack. Also assume the firewalls are in active/passive. Consider the below setup, each firewall has one physical link to separate switch members of the stack.

In this

Voip external server

I'm experiencing an issue with a connection to an external voip server.

Directly attached to a PA-500 ethernet port there is a patton (fxo voip appliance).

Now, I'm allowing any traffic to outside, any application.

When I surf from that interface I can

Global Protect - Split Tunnel

Is it possible with global protect and split tunnel setup to have policies applied for url filtering to the local client so that sites can be blocked in split tunnel mode?

show vpn flow: Should "tunnel mtu" be renamed to "suggested tunel mtu"?

Hello,

Can you answer these questions regarding the tunel mtu that appears in the output below?

cstankevitz@PA-500-Local> show vpn flow tunnel-id 27

tunnel  Sterling

        id:                     27

        type:                   IPSec

        gateway i

Ipsec VPN traffic issue

   why we are getting CISCOVPN traffic flow on VPN. please suggest.