GlobalProtect - Linux VPNC self-signed cert

Hi all,

Any one knows whether we can just use self-signed cert in Linux VPNC without using the Pre-Shared Secret Authentication? Or it is a must to use the Pre-Shared Secret Authentication?

Than

When I connect PA 3020(5.0.4) the upload and download speed degrades severely?

Currently we are running Cisco ASA firewall which is connected to the ISP. When the ASA is connected we get an upload and download speed of 100MBX100MB.

Whenever I connect the PA 3020 the upload speed falls to 10Mbps and download speed to 70Mbps. Has

CLI FTP Export Log URL Issue

I'm trying to run a report on user activity via the webfilter for a particular user. I would use the GUI but the the GUI is only allowing me the last 500 hits (via a custom report). If I go to the actual monitor and try to export I get a server 500 e

Running mutiple OSPF instances on on virtual router ?

Hi,

Can we run multiple OSPF instances on one virtual router ?

In cisco we can run two OSPF processes for example ,

router ospf 100

router ospf 150

Kind Regards,

Sunil

User mapped via CLI but no through Web-UI

Hello all:

I am trying to configure an user in a security policy but when I write the first 4 letters of his username it doesn't appear (screenshoot attached). However, it does appear throug CLI:

admin@PA1(active)> show user ip-user-mapping all | match

zip file blocking is also blocking docx files

The organization policy is to block ZIP file types.

We are having problems with docx file type which they are a ZIP file but in the file blocking profile I can see Paloalto should know how to recognize docx files but we still get drops

i would like to

File Types and Md5 Hashes

I write SIEM content (Mostly Arcsight and Q1), I have found PAN to be very effective in identifying adverse traffic. One thing that would be great, that in addition to recognizing the file type such as "file Microsoft PE File(52060)" which is useful

Another PA bypass

Found this one recently:

http://www.what2code.net/?p=150

http://www.youtube.com/watch?v=wPHeAkv8BaE

Where dns is being used to tunnel ssh traffic through and of course there will be ways to bypass things but how is/will PA address this latest finding?

(a

Ignore_user_list

Hello,

I'm using PAN Agent 3.1.2 on WIN2008 server and somethimes after restart the Ignore_user_list seams to be ignored )user on the lista are still identified by the PAN firewall).

Does someone had this problem ? there is way to have an alert or log

Security policies did not take effect after Sleep Mode

Hi,

Just like to find out if there is a known  issue with Palo Alto and Windows 8 for direct internet policy.  Currently, we have defined a policy in PA to allow AD user to connect to internet.  However, based on my observation, once my notebook goes

Operation Failed: Invalid Sequence

Hello,

I recently upgraded to Panorama 5.1.0 (I know, I'm a glutton for punishment!) and am experiencing an issue when attempting to add items to an application group. We've tested this with several workstations and both IE and Chrome and each result