Palo updates

Hi

I have just setup my Palo but it cant access any of the update servers, i have a security rule which is source trust zone des untrusted

my trusted zone is on a 10.x.x.x range

my un-trusted which connect to the isp router is a 213.x.x.x range,

VPN setup 4.1.6

is there any documentation for setting up VPN on 4.1.6?

I took a look but couldn't find anything recent.

Thanks.

Running Captive Portal with no SSL/Certificate

Hello

I am running Captive portal successfully with HTML/POST based authentication. However as I only have a self signed certificate this generates a warning in the users browser.

There is no requirement to encrypt the username/password submit to the p

App statistics very different between CLI and GUI

I ran the command 'show system statistics application' on the CLI of our PA-4020 at the Internet border and see these results....

Virtual System: vsys1
application                      sessions   packets      bytes
-------------------------------- -----

PAN 500 Locked Up Today

So, today, when basically nobody was on campus the PA-500 decided to lock up.  I could not connect to it at all and it was not passing traffic through.  Looking at the logs, it appears as though it locked up at 3:02 a.m. on Monday as there was no tra

HA Active/Active,..

Hi Team,..

Attached is the scenario for HA Active/Active,..Is it possible to configure IPSec and SSL VPN in this Scenario?

The external interfaces of each PA firewall is directly connected to ISP routers and have configured defferent public IP's on bot

Shared Gateway and VSYS

Hi,

I've a basic setup with TWO vsys with separate vrouters on each vsys (Maketing and Sales ) and a shared Gateway. Some vpn Tunnels terminating on my shared gateway.

I need to implement some static NAT rules for my VPN tunnels, so far so good.

Routing

Brightcloud tagging Yahoo sites as Phishing and Fraud

Greetings!

Today I received several helpdesk calls concerning yahoo! mail not working. Logs show that the 'yming.com' site that yahoo! uses is being flagged as a 'Phishing and Fraud' site.

I know I can report it (24-48 hour fix) and can manually unbloc

Allow download of file types that show as ZIP

Hello,

I have had a few instances where I've needed to allow certain files types through the data filter.  One annoying case was native Office 2007/2010 documents that end in x.  What I did was add it to my file blocking profile with the action of ALE

4.0.9 to 4.1.6 - Issues to be aware of?

Are there any known issues to be aware of if I wanted to go from 4.0.9 to 4.1.6?

We had an issue when we went from 4.0.9 to 4.0.11 where the dataplane on our PA-500 randomly rebooted several times and support's initial suggestion was to do a factory r

Dual/HA IPsec tunnels with 2 ISPs ?

Hello,

I have 2 PaloAltos, one is running on robust and redundant Corp internet ISP, another one on a remote location with 2 public  ADSL (and miserable quality ofc !). My goal is to have a redundant IPsec link between the two PaloAltos :

How would you

arp/mac cache limits - any plans to increase them?

Palo Alto seem to have the lowest arp/mac cache limits of any firewall I've ever come across.

Are there any plans to increase the limits please?