no fpga memory for dfa

Hi all,

I get some warning message as below, is there anybody meeting such messages?

What does it mean?

Nov 08 15:08:57 Warning: pan_fpga_alloc_dfa_partition(pan_fpga_handler.c:909): no fpga memory for dfa, subtype 2 size 180

Nov 08 15:08:57 Warning: pan

Blocking Downloads - Real World Examples?

We currently use our PAN in quite a dumb way where most internet access for end users is controlled by a single rule at the top of our rule set which simply allows https/https as outbound services, we don't block/allow specific applications but we do

Ipad detection

We've configured the PA500 to accept IPAD connections using IPSEC, but is there a way to detect the fact that an Ipad is connected using HIP rules?  We would like to only allow traffic to certain systems.

Version PA OS = 4.1.4

Clearing URL Continue Timeout

Hello,

   Converting from BlueCoat ProxySG's to PAN URL Filtering... Within a BlueCoat environment when you "coach" a user... you can have the Bluecoat use a cookie to tell when next to "coach" the user.  This can be cleared by deleting cookies...

   C

Destination NAT with PBF

Hello all,

I have a question if Destination NAT with PBF is supported.

I have two site A and B. All internet bound traffic is supposed to go out site A. Site B sends its traffic over a VPN tunnel to site A due to a default route. There are however some

Problem with certificate after upgrading GlobalProtect 1.1.7

Hi everybody.

Up to now, I've had working a Globalprotect configuration, with only a Server Certificate, and it worked very well.

After upgrading to version 1.1.7, I've received the message: "The paloalto.xxxxx.es certificate is not signed by a trusted

What is the maximum number of custom url category in PAN device?

Hello,

What is the maximu number of custom url category on a PAN device?

Regard's

NTop NetFlow

Hi all,

Does anyone have experience feeding NTop via NetFlow from their PA firewalls? I have it setup and sending flows but NTop sees all of the received flows as either "Flows with zero byte count" or "Flows with zero packet count" and discards them.

IPS - set up packet logging

Dears,

I would like to know if there is a possibility to collect some packets before and after the packet that trigged the attack signature

it will be helpful in case of troubleshooting and confirm if this attack is a false positive or real attack( kno

SNMP/QoS Questions

I had recently configured a Cacti server to monitor my bandwidth usage of my PA-500.  All was working fine for a few weeks until I worked with support to configure and enable QoS to monitor bandwidth on the PA-500 without actually implementing QoS. 

Configuring the firewall time-out values for HTTP(S) requests to the Exchange Server Microsoft-Server-ActiveSync virtual directory

I have getting 1040 event id on the Exchange 2010 CAS server. Event details as exampled below.

Log Name: Application

Source: MSExchange ActiveSync

Event ID: 1040

Level: Warning

User: N/A

Keywords: Classic

Description:

The average of the most recent heartbeat