How to import config from rancid

Hi,

We use rancid to take backup of out PA firewalls.

The config saves as clear text, without xml tags.

It this possible to import to a new PA?

PBF vs Static Route

Hi,

I have traffic going from A.A.A.A to B.B.B.B,

The problem this is working with the static route. But I need to use PBF instead for monitoring reasons. When removing the Static route and using PBF traffic is not reaching the target. I am configuring

How are passwords and keys stored in PAN xml config files

Are they hashed before storing them in the config files? By the looks of them, it seems like the PAN appliance is storing them in an encrypted format. If so, can they be decrypted?

For example, an OSPF key is stored as follows

"-AQ==xxxxxxxxxxxxx=xxxxx

Allow Youtube for some persons and blocking it for others

Hello,

I want to allow Youtube in general for a few users. For other users it should be blocked.

I created a rule that all allows the youtube-application for a few users that are specified with the help of an active directory group. My second rule does

Akami in log files as actual destination requested

My URL logs show 100's and 1000's of hits to CDN Akami websites.  Is there a way that I can prevent this and instead show the actual requested URL from the user in the logs instead?

SSL Decryption - warnings during commit

I had setup GlobalProtect with a third party certificate that I chained together, and it works fine with no errors.

Then, I began testing SSL Decryption yesterday (with an initial goal of decrypting SSL for Facebook so that I could block Facebook game

Wildcards in URL filtering for SSL-decrypt bypass

OK, so this is driving me mad and I'm obviously missing something.

I've created a custom URL category in which I wish to drop URLs that will bypass SSL decryption.  In this I want to use wildcards, so that all sites for a particular company can be byp

segmentation of bandwidth:

Hi All,

           One of our customers has an internet acces of 20Mbits and 4 types of users so he wants to segment the internet acces into  4  acces in order to ensure that every user groups has a bandwidth of 5Mbits.

           is it possible to do

Did PaloALto supports Opmanager version 9 (build 9200) SNMP server?

Hi All,.

Did PaloALto supports Opmanager version 9 (build 9200) SNMP server? is it is required to manually upload the MIBs to SNMP any servers?

Regards,

Gururaj

ipsec-esp / Protocol 50 invisible in vwire mode ?

We have a Vwire configuration with a paloalto (5.0.6) between a third-party router and the wan port.

Security policy is allow any - any for both directions/security zones, log at session start an end.

Everything works (as expected), all VPN Tunnels on