PAN Dual ISP Failver Best Practices

I have setup dozens of PANs with multiple ISPs and failover but have some questions in regards to best practices..

1. Is PBF the only way to handle failover? If not, can the same be achieved via HA Link/path monitoring or is that specifically for devi

Unknown File Types

Hi all,

we like to block or be alert when the file types .edrw and .easm (eDrawing) are passing the PA. Currently nothing is shown in the Monitoring Data Filtering.

Any idea how to get PAN to update file types in security profiles? Can I somehow report

NAT Performance Issue

Hi All,

I recently migrated a client from a Fortinet firewall to a PANW.  Most of the Virtual IPs from the Fortinet were migrated as bidirectional Source NATs.

One specific server had issues where outside traffic would intermittently not be able to con

FILE BLOCKING NOT INSPECTING ZIP CONTENT

Hello everyone,

I'm trying to block download of CPL files (PE) using a file blocking profile. We are trying to create it in a way which assures that even zipped CPL Files will be blocked.

We created the profile but it did not work on HTTPS sites, just

Same QoS Profile Applied to Multiple Interfaces?

I have a single QoS profile applied to a pair of internal interfaces as seen in the screenshot below:

In this case, will the two internal interfaces have a single shared maximum egress number or will the full maximum egress apply to each interface sep

PAN-OS 5.0.6 SNMP

server:~ leo$ snmpget -M /usr/share/snmp/mibs -m ALL -Pu -v3 -a SHA -A xxxxxxx -l authPriv -u nagios -x AES -X xxxxxxx 10.48.1.10 `snmptranslate -On PAN-COMMON-MIB::panSessionMax`

PAN-COMMON-MIB::panSessionMax = No Such Instance currently exists at th

Teamviewer application not allowed by policy

I'm encountering a strange situation where teamviewer is not allowed by the policy in which it is defined but is instead blocked by my clean up rule.

I have all the dependencies matched but for some reason the firewall does not match on the rule where

VPN - PA to PA - need internet traffic to go through additional device one hop inside PA

Remote site has a PA-200

HQ has a PA-2020.

I have the VPN setup between the two so that they are connected to each other.

   I need the internet traffic from the remote site to pass through our content filter that is connected to the PA-2020 at the HQ.

PAN-VM 200 HA A/P Configuration

Good Day

Does anyone have a configuration guide for configuration PAN-VM 200's in ESXi. Can't seem to find one in the KB specific to PAN-VM's.

Thanks

M

Policy schedule end notification

I have a policy scheduled to run for 50 days, is there a way to get a notification at the end of the schedule time period when the policy goes inactive/disabled?