General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Problem Blocking LinkedIn - What is the best practice?

Dears, I am stuck with this problem since the last 2 weeks... We have a default rule in our company blocking any social networking, but for some HR users, LinkedIn should be allowed. I am trying to make a rule to allow some users to access only the LinkedIn website. Decided this way: source zone > trust, src add > any, user > specific user, dst zo...

Resolved! Routing between virtual systems

I have multiple virtual systems configured. They are visible to each other. I have policies and external zones in both systems. How do I get the firewall to recognise the packet is going to another virtual system? The documentation shows communication on a diagram with no shared gateway. Is a shared gateway needed to route traffic between virtual sy...

PThomas by Not applicable
  • 33185 Views
  • 30 replies
  • 0 Likes

DHCP redundancy / HA solution with the PA (200) possible?

We are a very centralized company with a lot of decentralized business units. All these decentralized locations are connected to the HQ, but can run their primary business process without this connection. This is also a principle we use, so the "primary" process must always run, even when the connection to the HQ is down. Now we're looking for a D...

Mass static route migration

I need to migrate about 600 static routes into a PAN box. Does anybody know how I can do this efficiently and quickly? My goal is to copy all the 600 routes into the running config. Thanks

usvi by L3 Networker
  • 3075 Views
  • 3 replies
  • 0 Likes

Custom URL Category with Wildcards

Hello, I have a question. [Diagram: www.example.com branching into www.example.com/sales-team and www.example.com/marketing-team] My customer wants the function below: The sales team access "www.example.com" and "www.example.com/sales-tea...

request restart software - Clarification ?

Newb question, but I can't seem to find the answer I'm looking for so I'll just ask... The command 'request restart software' is *JUST* the management software itself, like logging, ssh, snmp, etc, but does *NOT* affect any type of forwarding happening through the box (dataplane), correct? There is the command 'request restart dataplane' which is o...

steveo by L3 Networker
  • 7916 Views
  • 4 replies
  • 0 Likes

PA random packet captures

I've noticed that our 5020 is taking (what seems like) random packet captures. I searched this forum about this, and have read that the PA does do packet captures if the traffic is identified as "unknown-tcp" and "insufficient-data". The traffic I see that is generating pcaps seems random. For example, there are pcaps for "ciscovpn", "apple-pu...

jambulo by L4 Transporter
  • 2898 Views
  • 3 replies
  • 0 Likes

SSL decryption - File blocking problem IE v8

I have a file blocking policy defined to block specific attachments via external web mail portals. I get correct matches for the application and also get successful SSL decryption. My problem is that Internet Explorer v8 clients can still send the attachments even though they show up as "deny" in the logging. The Mozilla Firefox or Google Chr...

Global Protect Routing

I just recently setup GP and I'm in the testing phase. My tests are failing. The very first time I connected I could ping out to the internet, I could ping devices via IP address inside our network (behind the firewall), and I could ping via hostname. After I connected a second time I can't ping anything except the internet. I have fiddled with ...

Invalid username/password with LDAP for Captive Portal

Running a PA-500 on software version 5.0.2. I was wondering if anyone could point me in the right direction. I'm trying to get a captive portal working that uses LDAP groups to provide access through the policy. The LDAP servers are configured ok, as I can browse the OUs and add the necessary CNs, and if I run the show user group name "cn=groupnam...

Resolved! SSL Decryption Problem

Hi, I have a problem with some untrusted issuer. For example Microsoft TechNet site (https://technet.microsoft.com) is blocked from my PA500 with this error: Certificate Error. Certificate name: technet.microsoft.com, IP Address: 65.52.103.106, Issuer: MSIT Machine Auth CA 2, Status: untrusted, Reason: I downloaded MSIT Machine Auth CA 2 certificate fro...

diennea by L3 Networker
  • 3600 Views
  • 3 replies
  • 0 Likes

static nat + intrazone u-turn and interzone u-turn at same time

I'm currently having problems on PAN-OS 5.0.1 replicating a standard ScreenOS MIP configuration, whereby static NAT and interzone/intrazone u-turn NAT are all active at the same time. We have multiple zones (5); all of the hosts inside each need to be able to access DMZ servers by their NATd public IP address (multiple DMZ zones). Also unfortunate...

CMG by L2 Linker
  • 3248 Views
  • 1 replies
  • 0 Likes

global protect internal

Hi, Can anyone give me some feedback on how to configure my globalprotect client to register/connect when on internal LAN? - so I can help my pan-user agent tag what users are connected. Thanks

felixn by Not applicable
  • 6858 Views
  • 9 replies
  • 0 Likes
  • 24381 Posts
  • 123 Subscriptions