Assign static IP through LDAP for GlobalProtect Client

Hello,

For Cisco ASA, I can configure fixed IP address for SSL VPN user by using LDAP attribute "msRADIUSFrameIPAddress IETF-Radius-Framed-IP-Address ".

(SSL VPN is authenticated by AD window 2008).

Now, I'm using PAN and I don't know how to configure a

Setup Alert for Traffic to Specific IPs

We are trying to figure out if there is a way to have the firewall create an alert in the logs when traffic hits a specific IP range. We don't want to block access to this range of IP addresses but we want to be able to confirm if users are conversin

Possible Bug in Global Protect

I am wondering if anyone else is having this issue.  We are using on-demand mode.  When setting up a new laptop we install the 1.2.5 agent.  At this point our helpdesk tech is logged in and the VPN connects correctly as it is our process to test it. 

PAN Agent to FW connectivity

Guys,

we have a PAN agent User-ID version 5 running on the network, all is working fine, but just that
on the PAN agent User ID, I see only one device PA-FW as connected.

The active one, and the standby does not show up.

Is this the right observation, or

UserID debug Log. high load CPU?

Palo Alto support ask me about send them the debug lof of UserID. I can enable this debug log with my DC in production. There is risk about load CPU in the UserID device (Domain controller). I could do it in production?

thanks

PDF Summary Report (Missing Custom Reports/Widgets)

It has been a few versions since I played with PDF summary reports however, I am currently running version 5.0.5 and in the GUI if I go and create a PDF summary report there is no 6th drop down for custom reports as I remember and as shown in the hel

Suspicious DNS Query - conficker

Hey,

Is there a way for not letting conficker fill up the threat logs? Or an easy way to filter them out? I have 1000+ logs from 1 host on just a few hours and it is getting hard to see the other threats... Even in the ACC, I get a list full of confic

The PA-3000 Series Architecture

Hi all.

I want read about PA 3000 Architecture

But i can't find anything?

Pls tell me where i can find this document!

thanks so much

URL Filtering Exception

Per company policy, we block all online personal storage sites.  However, as always, there are some exceptions.  What is the best way to allow 1 specific user to 1 specific site?  Do I really need to create a separate URL Security Profile for each ex

Can you configure Policy Based Forwarding without knowing the "Next Hop" address?

Hi folks,

I am trying to set up a PA200, running 5.0.6, to use two ISPs and set one set of users to use one ISP and the other users to use the second ISP for their outbound traffic.  My problem is that as these are ADSL circuits, each time the connect

Security Rules dont match propertly

Hi,

I just migrated from 5.0.3 to 5.0.6 and the user-id is giving problems......... Some rules is not matching correctly.......

I have the rule on top ,deny Twitter application and in the end  i have a rule allowing this traffic.....but the twitter tra

DNS Proxy Errors

We have a remote office using a PA-200 in the middle east. I configured it to use DNS proxy with caching to lower the time for resolution over the VPN tunnel back to our corporate DNS servers in the US. We also have intermittent disconnects due to th