Odd App ID

So, interesting thing.  We use a PA-500 for our enterprise guest networks.  We currently have a couple rules that go like this:

1.  Allow guest networks to use Skype / Skrype-Probe

2.  Block guest networks from using Risk 4 and 5 P2P  (this catches stu

Customize url report

Hi everyone,

     I use PAN-OS 3.1.6, I want to customize url report by filter some website don't show in my customize url report. I try use filter by url and operation is "!=" but it doesn't work. How I do it ?

Captive portal authentication with Radius/AD

Hello

     I try PAN-OS 4.1.3, I use captive portal authentication with Radius/AD. I config user in WiFi zone access to any zone must authentication with captive portal. It work normally. But I try set Proxy server and user in WiFi Zone config Proxy I

Drop DSCP marked traffic

Hi,  I am looking for a way to define a DSCP value as a condition for a rule.  I would like to drop traffic that was previously marked before entering the PAN FW. 

Any ideas?

Thanks!

Prevent virus with Data Patterns

We are receiving some spam e-mails that containing links to zipped exe files with malicious code.

All the exe files have in common a series of underscore characters, for example: fattura.pdf_________________.exe or informazioni.pdf____________________

problem of application dependency for security rule

Hi all.

I have a question of application dependency when define a security rule with application.
I’d like to add a security rule for a webex, and webex must requires SSL due to application dependency.
so  I add both of applications webex and SSL in a

Can a Captive Portal Page be Triggered by a Value in the User Agent String?

Hello,

   I am working on setting up URL Filtering on a PAN-5020 as part of converting away from a Proxy. 

   One of our requirements is to authenticate the user on generic login workstations by providing their credentials when they attempt to view a

Global protect excluded networks

Hi all,

there is a method on global protect to send all my traffic into the tunnel, but exclude the subnet range of the customer to remain connected with the office network and browse the web protected from office infrastructure, but with the possibil

IPSec VPN (non site to site)

Is there any document that shows how to configure IPSec VPN (or any vpn rather than SSL) on the PAN?  I am not looking for site to site.  I only found site to site configuration.  The solution will be for clients who can vpn in remotely from everywhe

Source Address/Source User

When both a source address and a source user are specified, is the rule match

1. source address AND source user?
2. source address OR source user?

My guess is #1, but I can't find documentation to back that up.

Thanks,

Bart