SSL VPN with Global Protect Agent 1.2.0 on different port

Hello there,

on a PA-500 we're running our Global Protect portal and gateway on port 8443 according to https://live.paloaltonetworks.com/docs/DOC-3457 .

This worked well up to agent version 1.7.0. Since version 1.2.0 the agent ignores to port configura

Limits of VWIRE?

One can find in the datasheets various limits regarding VSYS (where some models wants an additional license) but what about VWIRE?

Are there any limits regarding number of VWIREs one can use for each model (I assume the VM-models doesnt support VWIRE

BGP config PAN-OS 5

Hello,

I was working on a BGP configuration on a PA 500 running PAN-OS 5. It is an internet connection plugged directly into the firewall. (Its an ethernet hand-off). I couldn't find any docs for v5 so I just hacked my way through it. Is there any ste

Same model for HA to functional properly?

I understand that both firewalls should have the same feature licensing for proper failover, but has anyone implemented HA successfully using two different models? 5050 and 5020 for example? I know in the documentation it states both models must be t

Getting device hostname from PANOS DHCP

Hi,

I'm currently using the PANOS DHCP server to serve DHCP requests to our guest network, as it's seperated on it's own VLAN. I don't want any traffic from our guest network to reach our domain controllers, which serves as DHCP for our other VLAN's.

T

bad vpn connectivity\packet loss ip sec vpn

Hi

I have configured an fixed IP sec VPN tunell on my PA 500. The tunell comes up OK, and I can ping an traceroute an IP adress on the network I am connectod too, through the vpn tunell. But Packet loss lies between 20 and 40 % running ping tests.

We e

Tweaking DSRI

So I keep hearing that disabling DSRI will improve performance.  I thought I read that most vendors do not even offer the option.

What are some guidelines for disabling DSRI?  I understand that incoming to own internal server is probably ok, but what

How does it identify unknown application where about flow logic?

Hello everyone;~

I am very curious

refer to bottom image~

Where is the unknown application where?

I guess that PA App-id check application signatures for the first time

and than If PA doesn't know app, PA App-id might move Heuristics engine;

and If PA try

Is DHCP-Relay ready for GlobalProtect GW yet?

Last discussion on this topic was in 2010.  Is there any update on DHCP-Relay (IP helper by any other name) binding to GlobalProtect clients?

Can a A/A Floating IP be set to the interface IP ?

Hello - In the VRRP world, I can have 2 devices active with a single IP (VRRP IP address ) active only on 1.

I have a situation where I need to vsys a box (L3 & Vwire)    The vwires are replacing Tipping point IDP's , with active traffic, so I need Ac

Any experience with MediaFire?

I have an end customer who was attempting to download a file from mediafire (also known as causeway.com). His policy allows the mediafire application, and the initial connection is made, so the web site is accessible.

If he is provided with a download