Skype requires 'unknown-tcp'

Why is 'unknown-tcp' an application dependency of Skype,  is it possible to remove a dependency from a pre-defined application.   Or do we have to setup an application overide?

I don't really want to allow unknown-tcp 'apps' just to allow someone to u

DHCP Relay not returning address from MS AD DHCP Server

We setup a DHCP relay to a MS 2008R2 DHCP server, server recieves the relay and passes a client address back to PA 2050 running 4.1.3, the address does not get passed through to client, logs show only thr DHCP request going out but nothing back, no b

Possible solution to slow commit

Hi, regarding of the desperately slow commits in PA specially with a large number of rules and object. From our experiencie in other systems the rule shadow check is a very high CPU feature. It's sure that PA do a rule shadow and this it's in concord

The people complain about slow commit

Whenever we make a PoC, Everybody complains about slow commit.

As far as I know, the traffic is not effected during the commit.

But people request faster commit

First, How can we explain slow commit to people technically.

Secondly, Is there any plan to

Block file transfers in RDP connections?

Is the RDP application visibility granular in that we can figure the PAN to allow remote desktop connections but disable the mapping of local drives to prevent file transfer? 

User ID dissappears

On the monitor window I can see that a large number of our users are showing their AD "user".  However, when I filter by the IP, I am finding that a "user" will be associated with an IP and all of the sudden the "user" dissapears even though the traf

USE IDENTIFICATION WITH 100 PAN AGENT

Hello,

I must use 100 PAN AGENT (limit of product) for a project. Someone have already test to use 100 pan-agent ( 25 by VSYS*5)?

do you know if the Palo alto (PA5060) work fine with this number of pan-agent.

regards,

ALLE

PBR IN HARDWARE?

Hello!

just a little question on PBR!

PA4020 support PBR in HARDWARE? Which Limitation For PBR?

thks,

ALLE

Pros vs Cons with PAN?

I guess it would be a bit biased to ask for Pros vs Cons of PAN in the supportforum of PAN  but I recently stumbled upon an article (which I wish to share) regarding PAN which I think might be of interrest for most of us in this forum:

http://www.cym

Reports based on Specific Departments

Hi Guys,

Is there any way on the Palo Alto Firewall and Panorama to generate a Custom Report based on Departments from an Active Directory.

For example; me as a user Kal is a part of the Technical Department.  Will it be possible to have a report on so

User identification not working properly

Hi,

we are facing the issue that the user identification is not working properly.

I am running PAN OS 4.1.4 on a PA-200 device and User-ID-Agent 4.1.4-3 on a Windows 2008 R2 member server.

The UI agent is connected to both the DCs (Windows 2003 servers

Connecting a videoconference to PAN without using NAT

Hello All,

I have this small question here that I hope can find answers or suggestions.

Currently we have a videoconference unit that was connected to the internet via NATting in the PAN ? I am wondering if there is a way to make it non-nat by connecti

application vs url categories dependencies

I want to allow access to Twitter, but block all other social-networking services.

The obvious approach is to allow the Twitter application and then have a rule blocking the social-networking category for web-browsing and ssl, but this doesn't work, T