PBF with NAT, how does it works?

Hi Guys

According to document , if there's destination NAT , there'll be second routing lookup to decide outbound zone & interface. But I'm very confused when there's routing and PBF together, In the second routing lookup, how does PBF rule work? Does

Can PAN block proxy traffic originated from other country?

Hello guys

I'm trying to block some traffic originated from other country. PAN can block those traffics with its source address and regional info. But what if they use some kind of proxy(like ultra surf) to disguise its original source ip and change i

Pan OS 5.0

i have set up Palo Alto to send logs to syslog server.

Yesterday i have seen something unusual in THREAT,url log?

The length of the URL is 1044 bytes but in the Palo Alto log i can see some of the bytes is truncated?

Original URL:

http://s.youtube.com/ap

Migration from an Cisco ASA 5510 to a PA 3020

IS there a step by step of the best way to migrate from a Cisco ASA 5510 to a PA 3020. We are replacing our current ASA 5510 with a PA 3020.

with Net Optics bypass switch deployment

Hi,

The bypass switch detects heartbeat from Palo Alto firewall to determine if it is alive.

What happens if, by any chance,  PANOS become unresponsive but the hearbeat ping is still alive? will the bypass mode be ON?

anyone having this experience with

Anyone know of an official PA supported equivalent to the Check Point Web Visualization Tool?

See here for examples:

Exporting Check Point configuration from Security Management Server into readable format using Web Visualization Tool

http://www.checkpoint.com/techsupport/downloads/docs/firewall1/r54/WebVisualizationTool.pdf

We're getting ready

Twinax Cable for PA-5000

Hello everyone,

Has anyone installed an PA-5000 series (PA-5020 and PA-5050) with a standard twinax wire? I want to connect a PA-5020 and PA-5050 to a Juniper SW with a twinax cable (EX-SFP-10GE-DAC-5m), and I want to know if it is possible or if anyo

Terminating multiple IPsec tunnels on an interface

Currenly all routing must take place on our core network. (due to backup ipsec tunnels and faster MPLS circuts)

Here is what we want to do but I am not sure how to accomplish this.

We have four IPsec Tunnels that we do not want to be routed to each oth

SSL decryption

How would one  implement a man in the middle SSL decryption configuration on the Palo Alto without the client's browser popping up with a untrusted cert message?