Global Protect Configuration Help - Windows 7 issues

So I have a few questions.  We have netconnect working just fine for our mac users (PanOS 4.0.4) but we get an error about being unable to build nat interface on all windows 7 clients.  If I enable the global protect feature, do I need to have it ans

Potential firewall performance issues when using FQDNs?

I'm new to Palo Alto firewalls.  I'm setting up a PA-500 active/passive HA cluster, replacing an HA cluster of Sidewinder v7 (McAfee Firewall Enterprise) firewalls.  I know from many years of experience with that type of firewall and from talking to

VPN WITH PIX AND FQDN

hello,

I try to migrate a vpn between pix and palo-alto

when I try to generate traffic I can see the following error :

IKE phase-1 negotiation is failed. When pre-shared key is used, peer-ID must be type IP address. Received type FQDN

I understand that m

Skype only zone configuration...

Hi!

I am trying to setup a zone with Skype only configuration with the following "Application Group":

• skype
• skype-probe
• web-browsing

The end result is that Skype voice works fine; however, Add Contacts feature in Skype doesn't work.

I am testing with the 5

File Uploads to Wildfire

I have seen another thread on this issue in the KnowledgePoint database; however, there was no resolution or answer to the question.  I have setup the Wildfire configuration on all of my PA500's per the documentation provided.  When matching the fil

Anybody successfully used 4.1.3 for direct AD group enumeration?

Just logged a support ticket recently regarding the direct group enumeration in PA 4.1.3 on a PA-5K .

It seemed that the firewall was only returning the first 1000 AD objects.. which is a default limit defined by the "MaxPageSize" variable in Active D

Bittorent session identification

On PA-500 with PAN-OS 4.0.7, I have seen a session on dashboard-top application-last hour, but in corresponding ACC and in Monitor Traffic Log I don't find a record session. There is any reason ? Thanks

After migration from Checkpoint, any tips?

All,

We recently migrated from Checkpoint to PANOS (via the conversion tool) and so far things are looking pretty good. The next step of our project is to convert port based rules to app type rules and I wanted to get some feedback, tips, etc from oth

Service Objects and multiple ports

I have the need to create a rule with three applications, ncp, ms-update and ssl.  Two of those applications use their standard ports - ncp (524) and ms-update (80 & 443).  The ssl application uses port 13000 - not the standard 443.

1. If I create a sing

UID Agent Not Recognizing Docked Laptops

Last week we depolyed a PA500 for the first time and are seeing an issue with certain computers.  The issue is affecting some users who have laptops and are using them on a docking station.  When they are docked the computer essentially has two NICs