GlobalProtect OnDemand mode

Hello,

We use PAN OS 4.1.1 and GlobalProtect 1.1.0, free version of GlobalProtect.

We have configured GlobalProtect in OnDemand mode.

When the GlobalProtect software starts it connects to the PA and try's to logon with the stored credentials (Username /

Exploit:Win32/Pdfjsc.ABS will not recognized

The new PDF Exploit "Pdfjsc.ABS", which travels with a lot of Emails (for instance: "Here is the new Elster program" - Elster is the name of a german tax program), will not recognized by PAN-Firewall. Neither on Email nor on Webtraffic, so i can atta

incomplete action

hello

we have our own web server which we host web sites from

I have setup my incoming nat rule follow

source zone = untrusted

des zone = umtrusted

des address = my internet port ip

service = service-http

des tran = my local web server ip

Security rule

sou

High Dataplan CPU PA2050-4.1.6

I have only 28,000 active session at this time, which isn't a lot, and my CPU is roughly between 70-80% constantly.  We are in our summer semester at school which doesn't have a lot of users on our network. I am nervous when people return in the fall

Palo Alto 2020 doesn't close session when using AD authentication

Hi,

This might be a really easy thing I have missed but when we try to authenticate against our AD users instead of strictly by IP and zone it works fine the first person to log on. But then if you log off and someone else with less privilages logs on

Do the PA's cover this ?? Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could Allow Spoofing

Just wondering if the PA's have this vulnerability covered and if so where do I look to find out myself.

What 's meaning of "User '' failed authentication. Reason: Thread limit reached"

Hello,

I used Captive Portal in my environment. I found log "User '' failed authentication.  Reason: Thread limit reached" show on my system some time when the Captive Poratl page fail to logging in.

Which Thread has limited by the system. Could you pr

Skype & unknown traffic

Hello PAN,

It seems to me that in order to have skype working correctly - particually with multi-site PA's with Site2Site VPN tunnels in between - it is nessesarely to enable both unknown-tcp & unknown-udp.

At least - all our connection problems / deli

Getting Syslog in through PA 500

I have a router just outside my PAN 500, ver 4.0.5. I need to get syslog information in from it for my PCI requirements. Here is my setup:

The following objects are defined:

INT-NPM               Syslog server, IP address 172.15.10.8

TWC-RTR            

URL logging in TAP mode

I have a business requirement to log URLs visited in an "out of line" manner for reporting and usage. There is no requirement to block URLs and it would be of great advantage not to use VirtualWire at this stage(still in pilot).

I understand it is not

Multicast Support

Hi Guys,

Does PAN support IP multicasting to allow one IP packet to be sent simultaneously to multiple hosts for use in multimedia applications and video conferencing?

I did read somewhere that multicast forwarding / routing is now supported from versi