General Topics

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

Is PBR similar or better than WCCP?

We're planning on implementing WCCP to route http and some streaming traffic to our proxy, but looking at how PBR work it's very similar. Can someone please give me a good comparison between the 2?thank you.

Current session/connection information by subnet

HiWe're trying to isolate the source of some high session traffic in one of our regions. This is showing up in our exterior firewall connection count, and also on our PA device which is in line.I can see the sessions by using the command line tools a...

How is QoS applied

Hello,can somebody explain how QoS is applied on traffic through the PA.I know that I configure a QoS Profile, bind it to an interface and create a QoS policy,and that all belongs to the egress traffic of an interface.But what happens if I configure ...

URL Filtering License Monitoring

I have a setup where I need to block traffic if our URL filtering license is not working as apposed to letting traffic go out with out the filtering. I want to monitor this license expiration some how. I don't want us to find out that our license has...

How to configure different Access Route in a SSL VPN?

My question is that I need to configure different Access Route for different user's profiles.For example:Group users 1 Access Route only to 192.168.0.0/16Group users 2 Access Route all packets, 0.0.0.0/0.It is possible with PA?Thanks,Félix Sánchez

How to configure Data Filtering Policy

I would like to know if there's a specific document that walks you through step-by-step of setting up data filtering. I am running PA2020 v3.05.I've read the Admin Guide v3.0, but it's very vague. There's no information as to what weight # should be ...

OSPF Redistribution export tag

I have several connect and static routes I'm trying to redistribute into OSPF. I've set up a redistribution profile and I'm trying to add it to the OSPF export rules. I've selected the profile, set type as ext-1, but no matter what 32-bit value I ent...

Resolved! IKE phase 2 failing with an asa5505

Message =IKE phase-1 negotiation is succeeded as initiator, main mode. Established SA:IKE phase-2 negotiation is started as initiator, quick mode. Initiated SA:IKE protocol notification message received: INVALID-ID-INFORMATION (18).

Resolved! When do PA alert for expiring license on system log before license expire?

Hello.I wonder about that when do PA alert for expiring license on system log before license expire.My PA500 box (that has NFR license) alwyas said like the attached image.Please answer me above.Thanks.Regards.Roh

Warning: undocumented change in syslog format

Heads-up to everybody: in version 4.x of PANOS, they have decided to make the following changes in their syslog format:1. In the Miscellaneous field of the Threat Log syslog, where the URL a user visits is reported, the URL data used to be placed bet...

Application and Threat Versions

Hello-I was wondering if there is a place on the portal to find out what the current available Application and Threat version is availble for download. I use the dynamic updates option and look for a new version for the spyware and application and th...

Resolved! Don't have the Download Protection tab for Anti-Spyware

Is this an option you have to turn on? When I go into Objects and Anti-Spyware under Security Profiles I click new and I do not have the Download Protection tab. Is there a reason for this? Is it a licensing thing? Version 3.1.6

Syslog Issue.

Hi - I may have not understood how this is achieved - so apologies before I start!I'm trying to forward logs for traffic and threat to syslog We have 2x 4050s and Panorama - all policy rules are added via panorama.I've created a "log forwarding profi...

VPN for multiple internal subnets?

HiIs it possible to configure the VPN to access different internal subnets? I mean, our network has a few internal subnets that do not route to each other... there are users who need to access 192.168.1.x and some who need 192.168.2.x and others 192....

2 IP ranges

In the Juniper and Cisco firewall configurations it is possible to route a second IP range to a firewall without having to add a second default route. Is this possible under 4.0.5?My client is wanting to be able to failover between two data centers w...

Forum Posts

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

Is PBR similar or better than WCCP?

Current session/connection information by subnet

How is QoS applied

URL Filtering License Monitoring

How to configure different Access Route in a SSL VPN?

How to configure Data Filtering Policy

OSPF Redistribution export tag

Resolved! IKE phase 2 failing with an asa5505

Resolved! When do PA alert for expiring license on system log before license expire?

Warning: undocumented change in syslog format

Application and Threat Versions

Resolved! Don't have the Download Protection tab for Anti-Spyware

Syslog Issue.

VPN for multiple internal subnets?

2 IP ranges

Captive portal not working in Chrome and Edge after updating to PAN OS 10.1.2

Global protect warning message upon commit

SNMP monitore system message critical

No valid GlobalProtect Subscription License warning

log at session end?

Re: IP for Cluster HA Active Pasive

Re: Scripting offline updates.

Re: HSCI Port

Re: High Availability for Firewalls in diferent locations over Layer 3 network

Re: ALERT WHEN VPN DESTINATION STOP WORKING

Network Security

Cloud Security

Security Operations

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

Resolved! IKE phase 2 failing with an asa5505

Resolved! When do PA alert for expiring license on system log before license expire?

Resolved! Don't have the Download Protection tab for Anti-Spyware