Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature
...
I am coming from a Checkpoint environment and I am struggling with some of the terminology. I see a number of references in the Getting Started and the Administrator's guides to "Security Policies". To me this implies that I can create a number of po
...
Hello,
I have problems to identify an AD user whose name contains accented characters:
User "SépotF" recognized as "sépotf"
Any suggestions?
Thanks
Hello
I have PA200 without licence for second GP Portal.
I did a second gateway because I thought that this should solve my problem.
I need to let access to some website to my users but with my IP address. Thease people has accounts on radius server. I
...
Is it possible in 4.1 to limit the size of icmp replies or strip any payload in order to discourage tunneling via ICMP ?
Hi,
I want to install the PA in my ISP net as transparent bridge, I'm looking for a way to configure the machine to get an IP address & then translate it via Radius acounting / diameter protocol to the user info.
Do you know how it can be done?
How is
...
When enabling OCSP and having a self signed certificate for SSL decryption
(we push the certificate to all our domain clients)
will OCSP check my self signed certificate against the OCSP responder (and fail because it is unknown)?
Or will it only check
...
Hi everybody.
I've got a strange problem related to split tunneling in PAN configuration. The situation is:
- Portal and Gateway configuration in PAN-2050 with PANOS 4.1.7 (same results with 4.1.6 and 4.1.5).
- VPN client Cisco compatible (Windows and L
...
I need to confirm what traffic data (specific DNS Request strings inside the packet) is hitting two specific Security rules, so would like to capture just the traffic that is hitting these rules. Is there any way to do this?
I have run the Packet Capt
...
When I try to download the latest netconnect install file from the Software Updates web page it downloads without a valid file extension. When I download the file PanVPN-1.3.4 shouldnt it be PanVPN-1.3.4.msi ? I've tried renaming the file...
Hi, i just realised that my two PA (active/passive) have an alert of HA Antivirus Compatibility. I have checked the version in Dynamic Updates and its the same in bot devices. CAn you tell me why this mismatch happens???
I attached an screenshot with
...
Facebook is not displaying its page/images properly when SSL Decryption is enabled
any ideas why ?
*Note: I have a rule allowing ANY destination with ANY application with ANY service, also another rule i tried was with ANY destination with Explicitly a
...
Can it handle nested Active Directory groups?
Security policy with a group which a user is not direct member of. When user tries connection through firewall then it checks the groups within the group (an so on).
Can it be configured how deep the nestin
...
I have a question. Maybe someone has run across this.
I am using the server monitoring function of Palo
I realize that I can use the user-ID agent and set it to never forget the user mapping, but I am looking for a more accurate way of keeping this map
...
Hi,
I Have configured a BYOD wireless ssid that is being forced to the internet via a port on our 2050. I am trying to get the network to be able to contact our mail server for exchange on mobile devices and also to have access to our content server r
...
Hi,
2VR 2isp,2 seperate default GW (2 ppoe modems)
PC A ---- internet through ISP 1
we want to RDP TO ISP2's public ip and make destination NAT to PC A
How can we make this work ?
New enforce symmetric return did not work .commit fails with ppoe is not su
...
TomYoung
on:
how can i create a PBF rule to send traffic to a http/https proxy?
TomYoung
on:
Confused about QoS on Palo, need some assistance.
TomYoung
on:
Static Port Address Translation question
TomYoung
on:
what is the cli command for checking last failover
reaper
on:
SSL inbound inspection certificate issue
TomYoung
on:
One Global Protect Portal and Two Global Protect Gateways in One Firewall
