General Topics

VWire

I have configure a 2050 in a vwire configuration can I still utilize layer3 on the device.  From what I have been reading if I configure PAN device for vwire then the device cannot due any layer3 funcationality.

Any updates on when 4.1.7 will be released?

Last i heard it was going to be released end of June...

SMTP traffic mis-classified as FTP ?

The other day we discovered that our SMTP server was unable to send email to the silvacom.com domain.

The problem was traced to our PAN rule which allows only SMTP traffic to eminate from our email server, on the application-default port. All attempts

amount of traffic before "unknown application" is determined

Hi,

my questions deals with the application detection. As far as I know the heuristic engine is the last possibility after application signature and decoders weren't successful.

But does anybody know how much traffic (bytes or packets) will/can run thr

SSL-decryption slow

Hello,

So I have tested SSL decryption today, and I made it work. But for some reason some of the webpages that are being decrypted are extremely slow. Facebook and even support.paloaltonetworks.com are two of them.

I exported a CA certificate from our

User-ID issues with multiple domain controllers

Hi,

I have a few questions about how the user-id works that I have been unable to solve.

We are currently rolling out a lot of virtual systems to our customers in a MSSP environment and as you can imagine coming across some strange server setups.  This

default action = alert?

In browsing through the default actions for vulnerabilities, spyware and AV I see that the a lot of the actions for HIGH and CRITICAL severity events is just Alert.  I expected a lot more blocking, dropping, and resetting.   (half of High and >10% of

PAN filtering ssh public key auth?

Hi

I have a host which I can access without password with ssh by public key.

This works fine, but as soon as the traffic goes over a PAN (500), I get asked for the password.

Is the PA500 doing anything special here that I'm not aware of?

Thanks

disable SSL renegotiation

Is there a way to disable SSL renegotiation at firewall level ?

Disabling it server side ( Microsoft Security Advisory: Vulnerability in TLS/SSL could allow spoofing ) breaks activeSync. I'd like to test a different scenario to get rid of the many fal

Default rule - tcp reset/icmp host unreachable

Hello All,

Maybe it's there, in a doc, but I cannot find it...

Suppose I have tiered architecture.

And suppose developer breaks his code and want's to connect to other security zone or to the outside world buth should not, and I want his application to

Accessing brightcloud.com returns block page

We are sometimes getting a block page when accessing brightcloud.com to report a site. The category returned is 'malware-sites'. The logs show that 'service.brightcloud.com' is correct, but 'brightcloud.com/support/lookup.php' and 'brightcloud.com/su