Resolved! flow_inter_cpu_nat_mismatch

Hi All,

   Noticed this Global Counter incrementing on our 5060 platforms ( running 4.1.x code ). When messing with the command "set session processing-cpu" and pointing all new sessions to a single CPU the counter stop incrementing (makes sense, no i

Resolved! Routing Daemon

Hi All. Could you please let me know the routing daemon used in Palo Alto firewalls.

Thanks in advance.

Hari.R

Resolved! DHCP - Getting info on allocated IPs

We have our PA-500 setup on our company's public network.  This network is used by employee's personal machines and clients machines when they come into our office.

We have run into a few situations that we can see someone is most likely infected as t

Resolved! IPSEC-Tunnel Monitoring "tunnel-status-down"

I`ve created some IPSEC-Tunnel .

Now I try to monitor the connection using "Tunnel Monitor" option.

During the commit off the configration to the applince I'll see in System - LOG:   

example:

     10/10 11:26:52 vpn; informational;  tunnel-status-up; V

Resolved! PanOS 5.0 on-device User-ID agent

Hi,

I have installed a PA200 with PanOS 5.0.2 and on-device User-ID agent. I have connected my device on a network with a DC Windows 2008R2 and I have configured User Mapping and Group Mapping Settings as explained in the Getting_Started_Guide_PanOS 5

Resolved! Problem with interzone U turn NAT

Hello,

I followed the instructions in the paloalto "understanding NAT-4.1RevC" pdf for implementing U turn NAT.

It works when I try to access a server in the DMZ from the trusted zone via it's public untrusted IP.

I have now a web server which somehow t

Resolved! Physical connectivity validation on passive device

Hello,

We use vsys on our PaloAlto cluster. During a new vsys deployment, I would like to validate that the passive device's physical connectivity to a switch is working.

But I don't wish to launch a failover just for this, because it could impact the

Resolved! GP agent takes 30 seconds to connect

Hello

We are currently testing the GlobalProtect VPN client. One issue that bothers us is that the GP agent takes more than 30 seconds to connect to the gateway. Is that really the time it takes to establish a tunnel? Our earlier PPTP solution took 1-

Resolved! How does the firewall work when they received unknown-user's packet?

Hello, Guys. Nice to meet you.

I'm testing User-ID in PAN OS 4.1 and USER Agent 4.1.

There's something curious situation during my lab test.

I've deleted all ip-user-mapping information with 'clear user-cache all'.

So all users is unknown to firewall.

But

Resolved! Vulnerability

When you add a custom vulnerability signature to the Palo, is it added to the default vulnerability profile by default?

Resolved! Inbound SSL Inspection with mis-matched certificates (or SSL handoff)

Hi,

I'm kind of expecting a no to this question, but I noticed whilst setting up inbound SSL inspection for a client the other day that if the Cert on the Palo Alto and the cert on the SSL web server do not match then the firewall will refuse to decry

Resolved! Can anyone explain this vulnerability in more detail "Service Enum Through SMB ServiceEnum2"

I am trying to find more detail on what this vulnerability is and what could possibly be triggering it in a Windows Server environment.  I am thinking that it might be a mis-configured service or application native to Windows Server but looking for a