Active/active ha config

Hi All,

my req:

isp 1 4mbps(untrust) ->pa 500a->(trust)cisco switch l3a->

isp 2 4mbps(untrust)->pa 500b->(trust)cisco  switch l3b->    same web servers but using  isp 1 &2 public ip's(redundancy purpose) to do static s-nat for web servers

external users

New Flash volnureability! (CVE-2014-4671)

Hello

According to Adobe Security Bulletin its serious volnureability, when we can expects protection on PAN?

At the moment on https://threatvault.paloaltonetworks.com/ I can't find CVE-2014-4671

Regards

Slawek

Requirements to alert an threat

Hello,

is there any possibility to get any information about the requirements for detecting an specific threat.

e.g. there is Signature ID : 13457 EBURY, what is this signature looking for ?

Do I have to decrypt anything on the PA to give a deeper look

PAN GlobalProtect 2.0.3 doesn't work

So, I activated GlobalProtect 2.0.3 yesterday and have found that it fails to connect. The user will click "Connect" and the globe will spin for about 30 seconds then it closes itself and reopen on the taskbar(icon disappears and reappears). I am cur

HA-HA group mappings not passing to secondary PANOS 6.03

Hello,

I have group mappings present on the Primary Firewall, not passing to the secondary Firewall.  Specifically for a new gorup created today.  I have tried the various debug refresh commands on both boxes to attempt the get the seocndary box to pu

web crawling for google only

I know this topic has been discussed before but there is never a clear answer. It seems it is not possible to allow only specific web crawlers such as google. If that's the case, I assume most of you have web-crawling enabled for your site only? Goog

vcom-tunnel

Hi!

  We have a problem on the equipment pa-5020.
when we look at the log traffic, the session ends with incomplete response
Then I looked in and saw the following wireshark log.
SYN      -              VCOM-tunnel Seq = 0 win = 8192 len = 0 mss = 14

Traffic from one zone to another

Hello.

We have two virtual wires called 'eduroam' and 'live'. There are two zones linked to eduroam, namely 'eduroam_tr' and 'eduroam_untr'. There are also two zones linked to 'live', called 'live_tr' and 'live_untr'. We would like to allow communica

There are drop counters when performance test

Hello,

I am doing performance test with Breaking Point about throughput , CPS.

While testing, I have found drop counters as below.

session_dup_pkt_drop                     701        3 drop      session   resource  Duplicate packet: Applies only for mul

Can I use SSL SYSLOG to ArcSight Logger?

Hi,

I can see the PANW SYSLOG server profile transport SSL on 6514 and I am just trying to work out if this can be received by Logger?

Thanks for looking.

Cheers

Richard

Moving/importing logs after HD failure

Hi.

Recently, owing to an unplanned abrupt shutdown of my active firewall, I ended up with a hard drive corruption which prevented it from booting up (thank $deity for HA pairs).

Quite apart from PA's *ridiculously* bad response time to replace the har