Policy report for PCI

For PCI compliance, I need to submit poof of our firewall policy (we use a PA3020).  Is there a standard report that I can run that summarizes our Policies, or is there a way to export the policies to a PDF or spreadsheet?  On our old ASA I could sim

Windows Radius Server (NPS) / User ID discovery through PA Agent

I'm trying to figure out a way for the PA to discover usernames / IPs for wireless clients (could be Iphones / Andriod) authenticating via a Windows 2008 R2 Radius server. Clients are authenticating through dot1x (wpa2 enterprise). Auth and everythin

Issues upgrading pa200 from version 4.1.6 to 5.0.10

I downloaded OS file version 5.0.10 and when I tried to install it, I get the following error message:

• Failed to install 5.0.0 with the following errors. SW version is 5.0.0 Error: Upgrading from 4.1.6 to 5.0.10 requires a content version of 320 or g

Portal Page for web based email?

Is it possible to have a portal page or a content page when someone uses gmail, yahoo mail, .... that would make them have to read company policy about not to use them to upload and email company data?

Custom Vulnerability (.DMG)

Hi All,

PanOSS 5.0.10

The following site (amongst others) hosts a malicious file that I want to block: Download Genieo. The file is a .dmg and I want it blocked to my Mac user estate. Rather than block the URL I thought I would give Custom Signatures >

Idle timeout since 5.0.11

Hi All,

We have an issue with our firewall. Ever since we did the update to 5.0.11 a few weeks back our RDP connections from WAN to LAN are timing out after 30 minutes of Idle time. I have checked the server settings And they are fine, the only thing

VPN is UP but no traffic flows through

Hello

I have noticed the issue a few times, when the VPN was UP but no traffic was going through. I had to clear the VPN for the traffic to flow again. Has any one had this issue and is there anyway to stop this from happening again?

When monitoring th

2 site-2-site tunnels between 2 PAN devices

Hello all,

Would it be possible to setup 2 site-to-site tunnels between 2 PAN devices? I’d like to have 2 “parallel” tunnels to split the traffic in 2 different zones.

Regards,

Stephan van der Plas

System Alert: high:Syslog connection established to server

After upgrading the PA4020 to 6.0 we started to receive email messages with subject line: SYSTEM ALERT : high : Syslog connection established to server.  Is this a new feature?  What is the purpose for this and can we prevent this email message from

How do you Commit the configuration of a Panorama to an existing HA Pair of 5060s?

I followed the instructions from “Panorama-Device-Migration-Tech_Note-revB.pdf” using the CLI method to capture the configuration of an HA Pair of 5060 running PAN OS 5.0.11 and paste it to the Panorama running PAN OS 6.0. The Migration Checklist st

Captive Portal Timeout no new Session - Cisco VPN Client

Hi there,

I'm facing the following challenge.

We have various guest users being authenticted via the captive portal after that, they are using their cisco vpn client.

So there is only one session.

And because all traffic is routed to the vpn connection n

Threshold block

I want to block access to the users only if they watch youtube and the bandwidth consumed is more than 500 Mb.

Is this possible. Can this be done.

Need advice whitelisting external network vuln mgmt scanners

Curious what other PAN companies are doing for this? What best practices around whitelisting your own Vuln mgmt internal and external scanners? When we asked PAN support, they recommended adding a new security policy to top, but that's not scalable b