SSL Forward Proxy - Best Practise?

Can anyone point me to a document or some guidelines on current recommendations/best practise when using forward proxy please?

I have the SSL certificate in place on my clients, my main target is SSL traffic to higher risk URL categories such as web b

Policy order

Is it important to have the Antivus, Vulnerability and Anti-Spyware rule as the first policy?

thanks

URL and Threat filter before reach squid caching

Dear All,

We have an existing squid proxy which going to use as a proxy caching and we want to use PAN to perform url and threat filteration in between user and squid proxy.

The end user browser proxy has been configure to point its proxy setting to th

Differentiating between an Error and a URL Filtering Block for Customizing the User Experience

Hello,

    I am working on customizing the user experience on the PAN's that we are installing.  I would like to be able to have a different look and feel when an "error" occurs rather than when a website is blocked because of the content (ie the webs

Maximum sessions for Captive Portal

Hi Guys,

On a PA-500, is there any specification for the maximum number of sessions or user logins at any given point of time for Captive Portal users?  Enquiring because, there is a known environment (school with boarding as well) (staff and student

PAN Agent stability

Hi All,

Is there anybody meets PAN Agent stability issue?

We always install PAN Agent version 3.1.2 on Windows Server 2003, but at lease tow customer meet the issue.

PAN Agent service is down once 1to3 weeks

No advnaced log can be found no matter debug i

PAN - DHCP option

Hi All,

I'm working to configure the PAN (4.1.2) DHCP, hopefully to replace the legacy DHCP server for the LAN.

My LAN consist of both data and voice on few vlans.

I would require to insert the dhcp option code of 176 & 242 for the ip phones.

But doesnt

Http-proxy application and applications in URL Filtering log

Hellou!

I have installed Palo (in tap mode) in front of MS TMG proxy.  In attachment I put a picture with the applications he recognizes. Http-proxy application is always the application with the most received bytes, but Palo also recognizes other app

ThreatID 33542 and Facebook

I'm seeing a lot of alerts in the last couple days for threatID 33542 when users are visiting facebook via http://www.facebook.com/

Could this be a false positive?  Anyone else seeing a jump in this threat?

Tnx, Tom

Data Filtering Patterns

Does anyone know the logic used to interpret data patterns/filtering expressions?

By this I mean, if I have two patterns:-

Confidential\\Eyes-Only     (exact match Confidential\Eyes-Only)

and

Confidential\\.+               (wildcard match Confidential\*)

Difference between session start vs end when doing DENY

The difference (generally speaking) between "log on session start" and "log on session end" (for ALLOW rules) is that the "session end" will also log application and trafficvolume however it will not show up in the log-files until the session really

Large User-ID Deployments

All,

We're in the process of migrating from a WCCP Proxy implentation for URL filtering to the Palo Alto solution (LOTS of work needs to be done obviously!) and we're starting to work with the User-ID Agent and have some questions..

First, I'm curious

Custom Block Page

Hi

I'm finding it really difficult to upload a customised url block page. Each time I do it only the default page appears. Out of around 20 times of uploading the edited txt message (custom block message) it's only ever updated to the new message on