Dual/HA IPsec tunnels with 2 ISPs ?

Hello,

I have 2 PaloAltos, one is running on robust and redundant Corp internet ISP, another one on a remote location with 2 public  ADSL (and miserable quality ofc !). My goal is to have a redundant IPsec link between the two PaloAltos :

How would you

arp/mac cache limits - any plans to increase them?

Palo Alto seem to have the lowest arp/mac cache limits of any firewall I've ever come across.

Are there any plans to increase the limits please?

Negative lookahead regular expression not working

Hi

Bit of an advanced regex feature, but I would like to set up a custom vulnerability signature to detect browsers (user-agent) that are not Internet Explorer. True, one could detect Firefox specifically, but there are so many different browsers in t

SSL decryption and Http redirection

Hi,

I am testing SSL decryption and it seems to work fine  except when Http redirection is involved. E.g. when you try to connect to Https://gmail.com , google redirects you to https://www.google.com and it gives me a certificate error because of the

SLOW INTERNET

Hi GUys ,

I`m deploying a PAN.

Everything is OK , COnfiguration , URL Alerts , AV , AS everything on ALERT MODE.

But my problem , after COnfigure a L3 INterface to receive IP via dhcp client from my ISP router , my connection with internet becomes very

Antivirus Update Frequency

Is this specified anywhere?

I can't seem to find where the antivirus update schedule is stated explictly.

Or is it just part of the weekly content updates?

HA Active/Active

Hi,

Can anyone tell me if HA Active/Active on a PA-500 requires three links in total? As there are limited ports on the PA-500 this may cause an issue.

Also, if this the case - is there any option on having an IPSEC VPN terminating on the passive firew

Blocking traffic from another country

Hello,

We have an Extranet server which sits on our DMZ... http and https are allowed through the firewall so that outside users can access the web app on that server.  My server admin asked me if I can block all inbound traffic from China and Taiwan

Interesting RSS feeds or blogs?

I am curious as to what blogs, RSS feeeds and/or forums others follow regarding security/corporate level firewalls/etc.

Side note:  Unless I am missing something, the RSS feeds in PA support don't work.

Thanks,

Bob

Exchange Load Balancing

Hello,

Basically the scenario is that we have one exchange server behind the firewall, external users are accessing this server usning a host name mapped by a service provider to two different Public IP's using DNS round robin,

Is it possible to config

Very strange problem with connection

Very strange problem
Hi,
have paloalto PA-500.
I have three internet providers.
I have many branch offices (40).

my case

4.1.0 software
from all branch office we ping WAN1, WAN2, WAN3 is OK

the weekend I did upgrade the software to version 4.1.3
from all bran

PAN and NetMotion

We run our NetMotion connections through the PAN for our mobile clients.  The troubled moblle application receives dispatch information from our CAD application and since switching to the PAN from our previous firewall the delivery of this informatio