Vwire NAT

I am trying to setup NAT with vwire.  According to Palo Alto this is possible with PAN OS 4.1 and I am on PAN OS 4.1.6.  I have setup NAT with L3 on the PAN devices so I have an idea on how to do this setup.  When I setup NAT policy on the PAN device

Using Purchased Certificate for SSL-VPN Portal/Gateway

We have our GP portal/gateway externally facing. We’ve designated a host name for people to access the portal so they don’t have to remember the IP address - from both Untrust and Trust Networks. Currently the portal throws a certificate warning in i

Active-Active or Active-Passive

Currently, we have two PA 2050s each hooked into a Brocade FCX switch, which are stacked together. We cando a heartbeat connection over our datacenter's switch, so if one of our drops fails, it will failover. However, reading through the configuratio

System and Configuration logs are missing

I'm not sure what happened, but the System and Configuration logs are not showing up under Monitor>Logs.  Do I need to (re)enable it somewhere?

Hide Public IPs

I've been getting a lot of traffic from 'unfriendly' countries trying to gain access to a service we provide via one of our NAT'ed public ip address. I know for a fact they have no business connecting to that service. Is there a setting on the Palo A

VWire

I have configure a 2050 in a vwire configuration can I still utilize layer3 on the device.  From what I have been reading if I configure PAN device for vwire then the device cannot due any layer3 funcationality.

Any updates on when 4.1.7 will be released?

Last i heard it was going to be released end of June...

SMTP traffic mis-classified as FTP ?

The other day we discovered that our SMTP server was unable to send email to the silvacom.com domain.

The problem was traced to our PAN rule which allows only SMTP traffic to eminate from our email server, on the application-default port. All attempts

amount of traffic before "unknown application" is determined

Hi,

my questions deals with the application detection. As far as I know the heuristic engine is the last possibility after application signature and decoders weren't successful.

But does anybody know how much traffic (bytes or packets) will/can run thr

SSL-decryption slow

Hello,

So I have tested SSL decryption today, and I made it work. But for some reason some of the webpages that are being decrypted are extremely slow. Facebook and even support.paloaltonetworks.com are two of them.

I exported a CA certificate from our

User-ID issues with multiple domain controllers

Hi,

I have a few questions about how the user-id works that I have been unable to solve.

We are currently rolling out a lot of virtual systems to our customers in a MSSP environment and as you can imagine coming across some strange server setups.  This

default action = alert?

In browsing through the default actions for vulnerabilities, spyware and AV I see that the a lot of the actions for HIGH and CRITICAL severity events is just Alert.  I expected a lot more blocking, dropping, and resetting.   (half of High and >10% of