Destination NAT Mismatch error

Hi I'm configuring a new PA-500 and have it working for source NAT going from Tusted to Internet. Now I want to create a destination NAT rule to allow traffic in to a web server located on the trusted net. I have created a rule almost exactly as it s

User-ID Agent

Is it possible to use the User-ID Agent to scan the logs from a machine configured as an Event Collector.  I have an event log called "Forwarded Events" which holds centralised logon/logoff events for another tool.  It would be good to leverage that

Server profile KERBEROS with group mapping

Hi guys.

I have  a doubt .

When i configure my Kerberos on my server profile , i can`t make group mapping settings to catch my users from AD and make a Policy for them ?

My PAN OS is 4.1.0

In other versions it`s possible to do with Kerberos OR i need to

Multiple syslog servers under one profile

A client has set up two syslog servers as destinations on one syslog server profile, but only one of the servers is receiving data. Is that expected behavior on 4.1.3? The hope was to be able to send syslog traffic to both devices.

Thanks

James

https://www.google.com does not work on 4.0.10

there seems to be a problem with ssl connect from PA to google.

The browsers shows a timeout. It takes a couple of minutes, until i get an entry in my logfile.

The logfile shows an "unknown application" first (which is denied in my company by default)

PAN AGENT CAPACITY BY VSYS

hello,

I have seen the following information for pan agent capacity

Capacity

User Identification capacity limits:

• The PA-4000 series can support up to 64,000 concurrent users; the PA-2000 series can

support up to 47,000 concurrent users.

• Up to 640 grou

Blocking Google Drive ?

Hi,

We are relatively new to Palo Alto appliances, but are wondering if we can block Google Drive already?

We did some searching in the application objects database + on this forum, but we cannot find it for now...

Is google drive available yet for scan

Internals of PAN FPGA/ASIC programming (regarding security rules)

Assume one use a design guideline such as:

ALLOW GLOBAL (dstzone=any)

DENY (dstzone=x) specific log on session end
ALLOW (dstzone=x) specific
DENY (dstzone=x) any log on session start

...

DENY GLOBAL (dstzone=any) any log on session start

Will there be any

Daily packet capture limit

Hello everybody,

can somebody tell me, what this log entry means.

And is it possible to change this limit?

Apr  8 19:24:26

19:24:26,,SYSTEM,general,0,2011/04/08

19:24:26,,general,,0,0,general,high,"Daily packet capture limit (directory threat/20110408\,

question about part of CPU log in mp-mointor.log.

Hi.

I've generated a Tech support file on the PAN device and then look into mp-moniotor log.

I can't understand the part of log during look into the mp-monitor.

question is below.

1. What command have a print like below on the screen?

     i know one of

idle timeout 0 not working?

We have a couple of machines that are set to display the PANOS web UI Dashboard so that we can see the current Risk Factor and System Resources, etc... so we set the Authentication Settings Idle Timeout to 0 so that the sessions do not time out, as i

Demo Rules Examples from Real-Life???

I am looking for documentation of example rules (Real-World rules) much like Checkpoint has if you run their SmartDash board in demo mode.  It illustrates a large corporation's simple to complex rules for about every rule you can thing of.  A novice