General Topics

How do you Commit the configuration of a Panorama to an existing HA Pair of 5060s?

I followed the instructions from “Panorama-Device-Migration-Tech_Note-revB.pdf” using the CLI method to capture the configuration of an HA Pair of 5060 running PAN OS 5.0.11 and paste it to the Panorama running PAN OS 6.0. The Migration Checklist st

Captive Portal Timeout no new Session - Cisco VPN Client

Hi there,

I'm facing the following challenge.

We have various guest users being authenticted via the captive portal after that, they are using their cisco vpn client.

So there is only one session.

And because all traffic is routed to the vpn connection n

Threshold block

I want to block access to the users only if they watch youtube and the bandwidth consumed is more than 500 Mb.

Is this possible. Can this be done.

Need advice whitelisting external network vuln mgmt scanners

Curious what other PAN companies are doing for this? What best practices around whitelisting your own Vuln mgmt internal and external scanners? When we asked PAN support, they recommended adding a new security policy to top, but that's not scalable b

Panorama Virtual Appliance

We're getting ready to migrate from CP to PAN. We have a lic for the Panorma Virtual Appliance. Looking at the doc; 10 or less firewalls is recommended, we have bit more. Has anyone experienced this? Documentation doesn't say why, leaves me wondering

Use of Web Content Filtering for WAN VPN connected PCs?

What would be the best way to go about using the content filtering if possible through the Palo device through PCs that are connected via WAN VPN connections?   The current WAN connection is a split tunnel using a Cradlepoint router.   Is there a way

Firefox SSL decryption issue

We've had PAN kit for the best part of a year and use it for SSL decryption among other things. 

The SSL certs were generated via a CA on our domain. IE, and Chrome work transparently, firefox used to. I know get a "This Connection is Untrusted" page

Custom signature needed to detect "invalid username" response to a brute force login attempt (is it possible?)

Hi,

I'm new to Palo Alto and custom threat signatures. I'm trying to detect invalid login attempts to a web site and apply a time rate. When the user enters an invalid username in the login, the site returns the text "invalid username". Which context

May I set the same ip in different interface between two virtual system？

I  set ip address 192.168.1.254/24 in the ethernet1 which belong default router in the vsvy1.

I try to set the same ip address in the ethernet2 which belong another VR in the vsvy2.

When I commit, it will display duplicate address.

I just do some lab ab

Can't dectec Viber ( Android Phone)

Hi all

I user Viber, Kakatalk, Skype on my Android Phone.

I sent text msg, voice call bay Viber, Skype, Kakaotalk.

But Palo Alto only dectect Skype and Kakao talk

I can't see Viber on Palo Alto?

Pls help me know why.

Problem with domain users to log in Palo Alto's Portal

HI all. I have the problem with domain users to log in Palo Alto's Portal. I configured as document: Admin Guide v5.0 already. However, It doesn't work correctly, domain account cannot log in. Please support me to fix this problem. Thanks

Trust to DMZ (Zone to Zone) Security Policy Failure...

If an expert could please take a look at a test DMZ zone I'm trying to configure on a PA-500 with OS 5.0.8 and tell me where I've gone wrong I'd appreciate it!

I realize it's wide open at the moment, but it's just for personal testing/understanding pu