NAT Traversal over IPSEC Tunnel

Guys and Gals,
I have been working to set up NAT-T across an IPSec tunnel between two PA-200's in my lab and am not having success.  I have followed documentation and suggestions I could find on this site, but I am unable to get NAT-T working and was

URL category blocked but appears as allowed!!

hi,

I've applied web filtering where I blocked ulr categories such as peer-to-peer, games etc, but in traffic logs it appears that it is allowed:

peer-to-peer url category:

and same with games category:

But it is also showing that it is blocking those ca

Problems adding an IPv4 Address to a Firewall!

Hi,

I've been looking after some Palo Alto Firewalls for about a year and half now; and I'm still not sure quite how to add an IP address correctly!  Something is definitely wrong here! 

The setup in question consists of a pair of PA5020 firewalls con

youtube not working because recognized as google-video-base

Hi,

when we browse to youtube and try to watch a video there is an error displayed and the video does not start.

This only happens when using Internet Explorer.

When i take google chrome it works.

I looked to the traffic log and see that google-video-bas

What's your experience with 6.0.x?

We started configuring an HA pair of 5020's on 6.0.3.  We have yet to pass any traffic through it.  I would like to get feedback on real world Palo Alto firewalls that are running 6.0.x and how stable/unstable they are.

I did read one thread where a f

How to identify unused objects?

Hi All,

Is it possible to identify unused objects,.? eg: address, address group, app group etc

We are using PS2050 which is taking too much time for commit ( arroung 30 minutes) so i want to remove unused objects from the device which may helps to impr

XML API: Meaning of cpu load-average / load-maximum values

Hello,

first of all I am new to Palo Alto Firewalls and I`m highly impressed about the xml api which comes with palo alto. very cool and useful stuff! It took me just a couple of hours to fulfill some management requirements on reporting. Now I want t

PAN-VM HA Link Group Monitoring Issue

Hi,

I have a pair of PAN-VM in active/passive mode and configured link group monitoring with four member ports and when I disconnect one of the ports from vSphere the failover happens quickly and marks the node as "non-functional (Link down)" but when

Question on QOS

QOS is something I am looking to start using for a few things but I just had a couple of questions about it.

So firstly, I can set a QOS rule and assign a class. I know I can create profiles on the class, but lets just say I use the default classes th

Captive Portal; User loosing internet access

Hello,

A user is complaining that he is losing internet access randomly through the day.  After he refresh the web browser a couple of times or logs off he is able to access the web. The error he gets is a generic IE 10 error, "This page can't be disp

Global Protect + LDAP + Cert Auth = Auth Fail AND Auth Success

Is anyone else running this setup...

Global Protect VPN(iPads specifically) using LDAP(Active Directory) AND client certificate for authentication.

...if you are, have you noticed in the System logs, when a user authenticates to Global Protect the PA l