bad vpn connectivity\packet loss ip sec vpn

Hi

I have configured an fixed IP sec VPN tunell on my PA 500. The tunell comes up OK, and I can ping an traceroute an IP adress on the network I am connectod too, through the vpn tunell. But Packet loss lies between 20 and 40 % running ping tests.

We e

Tweaking DSRI

So I keep hearing that disabling DSRI will improve performance.  I thought I read that most vendors do not even offer the option.

What are some guidelines for disabling DSRI?  I understand that incoming to own internal server is probably ok, but what

How does it identify unknown application where about flow logic?

Hello everyone;~

I am very curious

refer to bottom image~

Where is the unknown application where?

I guess that PA App-id check application signatures for the first time

and than If PA doesn't know app, PA App-id might move Heuristics engine;

and If PA try

Is DHCP-Relay ready for GlobalProtect GW yet?

Last discussion on this topic was in 2010.  Is there any update on DHCP-Relay (IP helper by any other name) binding to GlobalProtect clients?

Can a A/A Floating IP be set to the interface IP ?

Hello - In the VRRP world, I can have 2 devices active with a single IP (VRRP IP address ) active only on 1.

I have a situation where I need to vsys a box (L3 & Vwire)    The vwires are replacing Tipping point IDP's , with active traffic, so I need Ac

Any experience with MediaFire?

I have an end customer who was attempting to download a file from mediafire (also known as causeway.com). His policy allows the mediafire application, and the initial connection is made, so the web site is accessible.

If he is provided with a download

Can PAN block proxy traffic originated from other country?

Hello guys

I'm trying to block some traffic originated from other country. PAN can block those traffics with its source address and regional info. But what if they use some kind of proxy(like ultra surf) to disguise its original source ip and change i

Pan OS 5.0

i have set up Palo Alto to send logs to syslog server.

Yesterday i have seen something unusual in THREAT,url log?

The length of the URL is 1044 bytes but in the Palo Alto log i can see some of the bytes is truncated?

Original URL:

http://s.youtube.com/ap

Migration from an Cisco ASA 5510 to a PA 3020

IS there a step by step of the best way to migrate from a Cisco ASA 5510 to a PA 3020. We are replacing our current ASA 5510 with a PA 3020.

with Net Optics bypass switch deployment

Hi,

The bypass switch detects heartbeat from Palo Alto firewall to determine if it is alive.

What happens if, by any chance,  PANOS become unresponsive but the hearbeat ping is still alive? will the bypass mode be ON?

anyone having this experience with

Anyone know of an official PA supported equivalent to the Check Point Web Visualization Tool?

See here for examples:

Exporting Check Point configuration from Security Management Server into readable format using Web Visualization Tool

http://www.checkpoint.com/techsupport/downloads/docs/firewall1/r54/WebVisualizationTool.pdf

We're getting ready