General Topics

URL Filtering Exception

Per company policy, we block all online personal storage sites.  However, as always, there are some exceptions.  What is the best way to allow 1 specific user to 1 specific site?  Do I really need to create a separate URL Security Profile for each ex

Can you configure Policy Based Forwarding without knowing the "Next Hop" address?

Hi folks,

I am trying to set up a PA200, running 5.0.6, to use two ISPs and set one set of users to use one ISP and the other users to use the second ISP for their outbound traffic.  My problem is that as these are ADSL circuits, each time the connect

Security Rules dont match propertly

Hi,

I just migrated from 5.0.3 to 5.0.6 and the user-id is giving problems......... Some rules is not matching correctly.......

I have the rule on top ,deny Twitter application and in the end  i have a rule allowing this traffic.....but the twitter tra

DNS Proxy Errors

We have a remote office using a PA-200 in the middle east. I configured it to use DNS proxy with caching to lower the time for resolution over the VPN tunnel back to our corporate DNS servers in the US. We also have intermittent disconnects due to th

CRL not downloading

Hi,

I have just noticed that my PA-2050 has in it's system logs regular entries as follows:

Failed to get CRL http://crl.godaddy.com/gds1-16.crl

I also get similar entries for every different certificate server I can think of.

Reason I ended up looking a

Multisite vpn question

I am in the process of planning out a spoke/hub type PA vpn setup.  I'm working with the networking team to carve me out enough addresses for each remote site.  What I'm wondering is if each remote site can connect back to the main HQ PA (5000) so I

UserID problems

HI,

we just migrated from 5.0.3 to 5.0.6. And we are having some problems  with the mapping in UserID. For some users the UserID is working correctly but for others users is not working...

I attached how this uses jloa log in, but i cant in the show us

About vpn error log

Hi,

What does "received unencrypted Notify payload(INVALID COOKIE) from IP ...to  ...  ignored "  mean ?

Thanks.

Application Incomplete - Leading causes?

So im doing work on our DR site. Two diff setup scenarios are failing; NAT over a VPN and routing from one PA to another and out a VPN. I can see the rule letting the packets out so a session should start for the return trip but .. nothing.

Both scena

PAN auto discover domain server on Server Monitoring in User Mapping

My device only setup User Identification with LDAP server and now disable. But it always discover the all domain server in the network automatically.

I want to stop discover function, please show me how and where to configure?

Thanks so much

About custom Report Logging

Hi,

Is there a way to log the situation (or to be informed ) when someone runs and exports a report in custom report section ?

Thanks.

How to solve overlaping IP addresses for configuration with Shared Gateway and multiple Virtual Systems

Hi,

Do you know, how this problem can be solved?

Can we use separate Virtual Routers per each Virtual System?

Best Regards

Pawel

PA Cluster and Panorama Template

Hey

i am trying to understand how to use Pannorama with PA cluster

my view of panorama is: if you have pannorama you should never have to login to the PA itself for configuration.

right now i have one PA cluster and one pannorama server (the PA have a c