DNS Proxy

I have configured DNS Proxy on a PA200 with PANOS 4.1.9, with two interfaces enabled for DNS proxy service and two default public DNS as primary and secondary.

But on system monitor, on DNS Proxy object, I find: "Failed to resolve domain name: <domain

IPSEC Pass Through

Forgive the newbie question, but I've been searching the documentation and I don't see where I can configure the Paloalto FW for vpn passthrough, specifically ESP (Protocol 50) and even ICMP.  I have some routers that I need to provide NAT for their

Decryption problem with 5.0.7

Hi,

since we've upgraded our PAs (200, 2000), we notice more and more decryption problems with HTTPS websites. The problem appears suddenly, almost all HTTPS doesn't work and a restart of the PA is required to solve the problem...And then, after one o

vpn clients for android and linux

hi

is there any good alternatives out there for connecting linux and android clients to global connect\PA native IPsec vpn ??

And I DO NOT mean that native cisco is OK, the encryption used here has been broken for several years,and are not designed for

I am currently having an issue with captive portal and IE8.

Symptoms: when a user logs in on an XP or Win 7 machine with IE 8 (Generic Windows login) and opens IE they will get "Page cannot be displayed" for any website.  This is not a standard PA "Webpage blocked" message just the standard "Page cannot be di

High Management CPU usage

I have noticed that one my PA 2020 boxes constantly has a very high Management CPU usage. Like now for instance where nobody apart from myself is logged onto it and I am not doing anything apart from just sitting on the dashboard, with my refresh set

'Invalid device' when trying to load a config backed up to Panorama

Hi

I am managing several devices to 3 different Panorama appliances (3 physically separate networks)

I have configured all of the Firewalls  (running 5.0.4 and 5.0.6)  with their Panorama settings and can see them in Panorama/Managed Devices.  The deta

Problem with new internet connection

I've just changed my internet connection to a new one.

Now I've reconfigured everything with the new address.

The issue is that I can surf the web from inside to outside but the NAT to my internal server is someway blocked.

What I can see in logs is:

I r

LDAP and GlobalProtect

Hi,

I am trying to set up Globalprotect.

Would like to restrict the user to a group, but I can not get this to work.

In Authentication profile i have the VPN-group in allow list.

When I logon with a user in this group the log tell me that i have incorrec