Upgrading 4.07 to 4.1.2 in HA environment

The following change log may be useful to all of you wondering how an upgrade goes in an HA active-passive pair. It would be nice if PAN support were to put this into a tech note. Each step is essentially a check or an observation from top to bottom.

Reports - i cant see source ip complete.

Hi,

I have a PAN-2050 (Software version 4.1.5) and i have configured a predefined report with diferents tops (top 5 connections, top 5 destinations, top 5 applications). The problem is that when i dowload and see the PDF with the report i cant see the

Agentless User-ID not processing ingore-user list

I've been working on trying to configure all the firewalls with the Agentless User-ID setup but despite several attempts to enable it I cannot get it to ignore users.

I establish a session and enter config mode and type in the command set user-id-coll

SSL VPN client is sending the PA traffic with other local interface IP

I realised that some traffic from several remote clients is going through the firewall with another remote-local IP address, different from my remote assigned-pool. Obviously, this traffic is beeing dropped. It happens with users accessing correctly

Intermittent Group Membership problem

We are currently having a problem with a new domain where the group membership intermittently disappears.

If you run the command "show user user-IDs match-user domain\" (4.1.x) or "show user pan-agent user-IDs match-user domain\" (4.0.x) it shows use

BGP Route Table

So in discussions with a few customers the BGP functionality has come up when peering with ISPs and replacing dedicated BGP equipment.  The route table size on the PAN5060 is roughly 64000 routes.  Most Universities have tables upwards of a 1/2 Milli

two factor authenticaton tokens with PAN firewalls...

I am looking for a two factor authentiction solution for PAN firewalls (Global Protect).  particularly interested in a Mobile phone base app to provide security token or OTP to authenticate users via Global Protect.  Anybody have any good or bad expe

Global Protect Client

Hi

I'm using radius (rsa) to authenticate GP users and can't get me head around the GP client configuration - specifically the section where you need to put a username and password. How can this be possible when the RSA token changes every minute?

Can

Policy Based Forwarding (PBF) problem

I’ve got problem with policy based forwarding. I have 2 ISP - traffic to the 1st ISP is forwarded by pbf, to the 2nd – via default route. PBF rule monitors the remote target’s IP and availability of nexthop address. My question is: how the pbf is che

How to Lock down Search Engines to Safe Searches

Here are some custom vulnerabilities and one custom application I wrote to block unfiltered (Bad) searches on the big search engine sites.

These were written in 3.1.0 software.

UPDATE: See attached for 4.0 version of these vulnerabilities and custom ap