HA Active/Active,..

Hi Team,..

Attached is the scenario for HA Active/Active,..Is it possible to configure IPSec and SSL VPN in this Scenario?

The external interfaces of each PA firewall is directly connected to ISP routers and have configured defferent public IP's on bot

Shared Gateway and VSYS

Hi,

I've a basic setup with TWO vsys with separate vrouters on each vsys (Maketing and Sales ) and a shared Gateway. Some vpn Tunnels terminating on my shared gateway.

I need to implement some static NAT rules for my VPN tunnels, so far so good.

Routing

Brightcloud tagging Yahoo sites as Phishing and Fraud

Greetings!

Today I received several helpdesk calls concerning yahoo! mail not working. Logs show that the 'yming.com' site that yahoo! uses is being flagged as a 'Phishing and Fraud' site.

I know I can report it (24-48 hour fix) and can manually unbloc

Allow download of file types that show as ZIP

Hello,

I have had a few instances where I've needed to allow certain files types through the data filter.  One annoying case was native Office 2007/2010 documents that end in x.  What I did was add it to my file blocking profile with the action of ALE

4.0.9 to 4.1.6 - Issues to be aware of?

Are there any known issues to be aware of if I wanted to go from 4.0.9 to 4.1.6?

We had an issue when we went from 4.0.9 to 4.0.11 where the dataplane on our PA-500 randomly rebooted several times and support's initial suggestion was to do a factory r

Dual/HA IPsec tunnels with 2 ISPs ?

Hello,

I have 2 PaloAltos, one is running on robust and redundant Corp internet ISP, another one on a remote location with 2 public  ADSL (and miserable quality ofc !). My goal is to have a redundant IPsec link between the two PaloAltos :

How would you

arp/mac cache limits - any plans to increase them?

Palo Alto seem to have the lowest arp/mac cache limits of any firewall I've ever come across.

Are there any plans to increase the limits please?

Negative lookahead regular expression not working

Hi

Bit of an advanced regex feature, but I would like to set up a custom vulnerability signature to detect browsers (user-agent) that are not Internet Explorer. True, one could detect Firefox specifically, but there are so many different browsers in t

SSL decryption and Http redirection

Hi,

I am testing SSL decryption and it seems to work fine  except when Http redirection is involved. E.g. when you try to connect to Https://gmail.com , google redirects you to https://www.google.com and it gives me a certificate error because of the

SLOW INTERNET

Hi GUys ,

I`m deploying a PAN.

Everything is OK , COnfiguration , URL Alerts , AV , AS everything on ALERT MODE.

But my problem , after COnfigure a L3 INterface to receive IP via dhcp client from my ISP router , my connection with internet becomes very

Antivirus Update Frequency

Is this specified anywhere?

I can't seem to find where the antivirus update schedule is stated explictly.

Or is it just part of the weekly content updates?

HA Active/Active

Hi,

Can anyone tell me if HA Active/Active on a PA-500 requires three links in total? As there are limited ports on the PA-500 this may cause an issue.

Also, if this the case - is there any option on having an IPSEC VPN terminating on the passive firew

Blocking traffic from another country

Hello,

We have an Extranet server which sits on our DMZ... http and https are allowed through the firewall so that outside users can access the web app on that server.  My server admin asked me if I can block all inbound traffic from China and Taiwan