Help required to convert Cisco ASA NAT rule onto Palo Alto

Hi Guys,

I am not expert in reading or understanding the Cisco ASA NAT rules and I have just started to feel comfortable with Palo Alto except for NAT rules.  Can someone please guide me through on how to go around configuring the following Cisco ASA

how to configure PAN to work as proxy

Hi There

We have this problem after implementing PA-2020, we are facing the slow ness of our internal web site, before we were using ISA 2006 proxy where we can add exception in the Policy Management put now we could not implement proxy in pan and we

IE8 and captive portal

Users are getting "can not display web page" in IE and "connection reset" message when using firefox when opening the browser up and captive portal is attempting to redirect them to the authentication page or the "block-continue" page. Has anyone not

UserID Exclude Not Working

Hi,

I have a problem where the 'User ID Exclude List' setting within the Zone setup on a Palo is not working.

I have set my UserID agents to collect events from all IP addresses, then want to filter them on the PA itself as this seems the most logical

2050 running high dataplane CPU

Our PA-2050 is consistently running at 70-85% on the dataplane CPU despite running at 1/5 of the advertised maximum specs (40-40k sessions and 100-110mbps). I understand that the specs listed are best case scenario and don't expect to get close but I

User-ID on incoming connections

So, we are currently using the user-id agent to monitor our CAS exchange servers. This is working great for identifiying our internal users hitting exchange from the inside. However I would like to begin identifying users that are accessing the CAS s

Inter-VSYS communication using two vr's, 4.1

Hi.

Is it possible in PAN OS 4.1 to send traffic between two VSYS when the interfaces are not in the same vr?

Thanks

IPSec Tunnel QoS

I have a PA-2050 running 4.0.7. I have an IPSec tunnel that runs between 2 sites (one is a Palo, the other is ??)

I would like to guarantee some level of bandwidth available for this tunnel, to ensure that it gets a level of priority at least over bas

Is HTTPs traffic correctly rdirected in PANOS 4.0.8?

Hello,

We have an issue with captive portal not correctly redirecting https traffic. The https traffic is sometimes allowed without redirection to the captive portal, and sometimes dropped, without any logs, the only way to see the issue is to make pa

filter ssh v1

Hi

I have a request to filter in the firewall ssh v1. Is there any way to identify and filter ssh v1? can the firewall identify ssh v2 some way?

Nested Palo Alto Object Groups

Hi,

Does anyone know if there are any recommendations on the use of nested groupings within PA policies - specifically the PA objects?

In terms of maintaining 'easy to read' policies I wanted to make use of nesting to keep the policies simple, which wi