IPsec Site to Site Tunnel Crypto

All,

First, please forgive me if this has been asked before, I wasn't able to find anything conclusive with any good explanation.

Recently I renewed a couple of web server certificates and in doing so the CA recommended that I use SHA2 with a 256-bit m

multiple VLANs on one security zone - possible?

Hi

I need your help with one (probably simple for You problem).

I have PA200 but I have only one "free" security zone and one phisical interfece free.

I need to create 4 local networks (as a subinterfaces/VLAN) that every one has their own adresses, dhc

PA-500 and Jumbo Frames

Background:

I've been doing some testing with a pair of A/A PA-500's and decided to enable jumbo frames on a file server. I understand that the PA-500 does not support jumbo frames but when I begin a file transfer, it works, running at about 5,017 Kb

Qualys Scan alert on OpenSSH J-Pake

We run Qualys scans on the internal network, and it's picking up that the PA's are running OpenSSH ver 5.2. I receive the following warning:

OpenSSH, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol. This

Having to reset the dataplane frequently

Hello,

We've been having an issue in our environment where we need to reset the dataplane because randomly packets will traverse our rules and start getting denied. We aren't sure why this is happening or what's causing it. What I'd like to know is if

Policies security and NAT are bidireccional???

If there is a security policy applied from just "untrust to trust" permitting SSH traffic .. this rule will be bidirectional??? or i would need to create other rule from trus to trust permitting SSH???

Its the same with NAT rules???

thanks

GlobalProtect client doesn't inform the user that the portal/gateway connection is timing out

In my testing of the GlobalProtect client (I'm using the latest stable, 1.2.1), I noticed that if for any reason the connection to the GP portal or gateway times out (e.g. the user's laptop isn't connected to the Internet, doesn't have the correct IP

SSL based custom application also seen as SSL

Hi,

I set up an SSL based custom application for a specific web application in the company.

I followed this document :

But when I look at the traffic logs, for every connection to this application I have :

- 1 log that shows traffic as "ssl" application

PA-2050 - what are the aho_sw_fpga_unavailable and dfa_sw_fpga_not_loaded counters all about?

Hello

I'm trying to find out what the following two counters are all about and if our rate/count for these counters are anything to worry about regarding Data plane performance issues with our PA2050 Active-Active platform.