Wildfire Malware Domain & Palo-Alto Malware Domain Do Not Agree

Has anyone who has been using Wildfire encountered a case where a piece of Malware identified via the WF assessment has had the following in the summary:

"Malware came from a malware domain"

where the applicable URL category returned by Palo (Brightclo

Vwire NAT

I am trying to setup NAT with vwire.  According to Palo Alto this is possible with PAN OS 4.1 and I am on PAN OS 4.1.6.  I have setup NAT with L3 on the PAN devices so I have an idea on how to do this setup.  When I setup NAT policy on the PAN device

Using Purchased Certificate for SSL-VPN Portal/Gateway

We have our GP portal/gateway externally facing. We’ve designated a host name for people to access the portal so they don’t have to remember the IP address - from both Untrust and Trust Networks. Currently the portal throws a certificate warning in i

PA-5020 URL Filtering Throughput?

Hi

Can anyone tell me what's the URL filtering throughput on PA-5020.

Thanks

Nabeel

Active-Active or Active-Passive

Currently, we have two PA 2050s each hooked into a Brocade FCX switch, which are stacked together. We cando a heartbeat connection over our datacenter's switch, so if one of our drops fails, it will failover. However, reading through the configuratio

System and Configuration logs are missing

I'm not sure what happened, but the System and Configuration logs are not showing up under Monitor>Logs.  Do I need to (re)enable it somewhere?

Hide Public IPs

I've been getting a lot of traffic from 'unfriendly' countries trying to gain access to a service we provide via one of our NAT'ed public ip address. I know for a fact they have no business connecting to that service. Is there a setting on the Palo A

VWire

I have configure a 2050 in a vwire configuration can I still utilize layer3 on the device.  From what I have been reading if I configure PAN device for vwire then the device cannot due any layer3 funcationality.

Any updates on when 4.1.7 will be released?

Last i heard it was going to be released end of June...

SMTP traffic mis-classified as FTP ?

The other day we discovered that our SMTP server was unable to send email to the silvacom.com domain.

The problem was traced to our PAN rule which allows only SMTP traffic to eminate from our email server, on the application-default port. All attempts

amount of traffic before "unknown application" is determined

Hi,

my questions deals with the application detection. As far as I know the heuristic engine is the last possibility after application signature and decoders weren't successful.

But does anybody know how much traffic (bytes or packets) will/can run thr

SSL-decryption slow

Hello,

So I have tested SSL decryption today, and I made it work. But for some reason some of the webpages that are being decrypted are extremely slow. Facebook and even support.paloaltonetworks.com are two of them.

I exported a CA certificate from our