Traffic denied by one context is allowed in the other

Hello All,

I have a strange situation and need some help.

I have 2 legs of my firewall implemented on Core and Edge level.

I have a host 10.1.1.10 behind my Core layer firewall trying to access an external FTP server.

On the core layer I have a policy t

Panorama - 6.0.1 Impressions? Stable? Worth the risk/trouble?

Hi Everyone,

   I have been reading the release notes... and Panorama 6.0.1 is looking really good.... but is it solid???

   Also, our firewalls are on PAN-OS 5.0.8 ... will Panorama 6.0.1 have any issues managing firewalls on 5.0.8?

Thanks

Art

Global Protect Pre-Authentication with public SSL cert

Folks.

My boss wants me to implement "pre-authentication" for my Global protect clients, so that they authenticate against AD before logging on to their laptops when on VPN, and ergo run login scripts, group policies etc.

I have https://live.paloaltone

Do not display Threat log with descent sort on palo alto device 3020

Hi All,

I have a problem to view threat log on device.

My device is 3020 model, with 5.0.9 version, threat verion: 445-2292.

I do not see any threat log record when I select DESC sort, but I can see threat log with ASC sort.

Please help me why ?

thanks

Mirror traffic from tunnel interfaces to SPAN port

Hello Everyone,

I'm new to the PA firewall's and trying to figure out how to monitor my tunnel interfaces, and the traffic flowing through them.

I have a PA-3020 running as an endpoint for several tunnels. I want to mirror the traffic from those tunn

Destination NAT on a Vwire?

Is there documentation on how to do this?  All I have found is incomplete.  Is the Destination Zone the same or different than the Source Zone?  Do the addresses have to include the subnet mask?  Are there any complete examples available?

EDNS Support

In the recent code releases has support for EDNS been added...If so, what release and can you point me in the direction of a good EDNS tech doc?!!

Thank you in advanced,

-jc

Security Policy-by Computer Name in domain

Hi,

I have a requirement from a customer, that he doesn't want user based security policy for a certain location.

He want that only specific computer names which are in domain should be blocked for certain application.

Is this possible using global pro

Redundant Ports

Hi,

the customer is looking for a redundant ports as there looking for a cross connection between two different switches.

is this possible? etherchannel/aggregate port configuration doesn't solve that issue as aggregate port goes in the same switch onl

PBF ISP Failover with one ISP interface as DHCP client

Hi all,

I have a client who has (for reasons beyond my ability to comprehend) decided to be pathologically cheap about one ISP link at one of their sites (running a PA-200), and are dropping their static IP in preference for more bandwidth at less cos