General Topics

Resolved! Authenticating external users to firewall like Sonicwall?

Hi all,

I am configuring a PA-500 for a POC exercise with a customer who is currently using a Sonicwall.

While there are obviously other/better ways to accomplish this and I realize how silly this is, given the limited scope I'm presently working in, I

...

Resolved! Slow VPN throughput after update to 5.0.7

Hello Community

Has anyone recognized some performance issues (extremely slow ip-sec throughput, hanging sessions) after updating to 5.0.7

A Firewall reboot solves this issue, but it's coming up again after some days.

Many thanks

Hannes

Resolved! SSL VPN

Hi,

Noob question: Where is the guide for configuring SSL VPN? Can't find anything in the getting started or admin guides.

TIA

Stuart

Wildfire flow

Hi,

For the desicion flow of wildfire, where is the hash update and wildfire database update ? can someone tell the real place of both in that chart.

Document's very clear but it is written before subscription service was released.

WildFire Decision Flo

...

Resolved! Loopback Interfaces in VPNs

In my configs, I generally reference the actual egress interface on the PAN device. I have run across some configs where the original engineer tied the GP portal to a loopback interface which basically just pointed to the same IP tied to the egress i

...

PA-200 Multiple WANs

Hi,

I'm getting my second WAN line installed this week and need to integrate it into my current setup on my PA-200.

Ideally, I'd like the PA-200 to load balance between the two WAN interfaces so my initial thought is to add the new WAN interface into t

...

HA Questions

Hi all,

I have 2 simple questions:

Q1: proper procedure to physically move the standby firewall PA3020 connected to primary firewall within the same datacenter (need to power off and move)?

Q2: proper procedure to switch the primary to standby and stand

...

Resolved! pa200 ha

Im in the process of setting up a pair of pa200 for ha, ive read through the documentation but im not clear on a few things.

The PA200, if i do an update on the FW for either software of dynamic updates it uses the management port to do the work.

If I

...

Adding Multiple IP's to an External Interface

Hi,

We have 30 External IP addresses, what's the recommended method of adding more than one IP to an interface?

Thanks

NAT Help - Reaching DMZ Server via NAT

Hi,

I'm having an issue setting up my DMZ test environment. My set up is basic and is as follows (IP information is an example) --

e1/1 - Internet (1.1.1.160/28 - ISP assigned)
e1/2 - Internal (10.10.10.0/24)
e1/3 - DMZ (10.10.100.0/24)
DMZ Web Server (I

...

Resolved! Radius Vendor Specific Attributes (VSA)

All the Radius Vendor Specific Attributes (VSA) information I've found hasn't been updated. Do we have a new list if attributes available?

Getting User-ID when using 802.1x Wireless

Hi,

I was wondering if any of you chaps and/or chapesses have come across a problem getting the correct User-ID information when using wireless authentication.

The problem I have is that I have a Palo Alto firewall that happily uses the User-ID Agent f

...

Resolved! Commit error: Server error : vsys -> vsys1 constraints failed : Maximum number of virtual systems reached

Hi All,.

while give the commit,..What is this error,.?

Server error : vsys -> vsys1 constraints failed : Maximum number of virtual systems reached

Even i have not enabled vsys capability.

Regards,

Gururaj

Outgoing Packet Capture To Tunnel

Hi all,

Is it possible to capture the traffic entering a vpn tunnel? Or can you only capture incoming traffic?

Cheers

Resolved! CVE-2013-3893

What is the Vulnerability Signature status?

Microsoft Security Advisory (2887505)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: Tuesday, September 17, 2013

https://technet.microsoft.com/en-us/security/advisory/2887505

Discussions

Resolved! Authenticating external users to firewall like Sonicwall?