Global Protect Pre-Authentication with public SSL cert

Folks.

My boss wants me to implement "pre-authentication" for my Global protect clients, so that they authenticate against AD before logging on to their laptops when on VPN, and ergo run login scripts, group policies etc.

I have https://live.paloaltone

Do not display Threat log with descent sort on palo alto device 3020

Hi All,

I have a problem to view threat log on device.

My device is 3020 model, with 5.0.9 version, threat verion: 445-2292.

I do not see any threat log record when I select DESC sort, but I can see threat log with ASC sort.

Please help me why ?

thanks

Mirror traffic from tunnel interfaces to SPAN port

Hello Everyone,

I'm new to the PA firewall's and trying to figure out how to monitor my tunnel interfaces, and the traffic flowing through them.

I have a PA-3020 running as an endpoint for several tunnels. I want to mirror the traffic from those tunn

Destination NAT on a Vwire?

Is there documentation on how to do this?  All I have found is incomplete.  Is the Destination Zone the same or different than the Source Zone?  Do the addresses have to include the subnet mask?  Are there any complete examples available?

EDNS Support

In the recent code releases has support for EDNS been added...If so, what release and can you point me in the direction of a good EDNS tech doc?!!

Thank you in advanced,

-jc

Security Policy-by Computer Name in domain

Hi,

I have a requirement from a customer, that he doesn't want user based security policy for a certain location.

He want that only specific computer names which are in domain should be blocked for certain application.

Is this possible using global pro

Redundant Ports

Hi,

the customer is looking for a redundant ports as there looking for a cross connection between two different switches.

is this possible? etherchannel/aggregate port configuration doesn't solve that issue as aggregate port goes in the same switch onl

PBF ISP Failover with one ISP interface as DHCP client

Hi all,

I have a client who has (for reasons beyond my ability to comprehend) decided to be pathologically cheap about one ISP link at one of their sites (running a PA-200), and are dropping their static IP in preference for more bandwidth at less cos

List of custom risks

Hi,

Just started out configuring a new PA3020 and decided to block all risk level 5... there are a couple of apps that I wanted to allow through so re-graded them risk 4.

In the future I want to ensure this is manageable, is there somewhere on the syst

Active Directory Users not Authenticating to GP

Hi,

We configured agentless User-ID with our PAN OS 5.0.2. We created policies using the AD usernames and it is working fine.

However, We are trying to configure our GP to authenticate using the AD users. This is not working and we are getting the foll