URL Filtering - Blocks msn live and yahoo messenger

Hi All,

I wonder if anyone is facing this issue... If you enable web-based-email inside ssl decryption rules, it will also block user to access both msn live messenger and yahoo messenger (this does not happen to skype of course). Even though, the exi

Report: Top URL categories per user

I've been asked to run a report on the web usage of a specific department and I happily generated a report of users from that dept in order of how much data they have used. Then the department head asked for it to be broken down so that for each user

VPN tunnel Site to site failing

hi I had a working VPN tunnel and t was working for more than 100days then all of a sudden it stopped working

and the rrrors i am getting is

IKE phase-1 SA is deleted SA: MY-IP ADDRESS [500]-REMOTEIP_ADDRESS[500] cookie:ea25f2fa99b81f69:000000000000000

what is the processor named webapp3?

Hi

Mgmt cpu was reached to 100% during a hour.

i was look into a reason that why cpu usage hit a peak.

processor named webapp3 was  high usage during cpu reached to 100%. (it was almost 95%)

i don't know what is the role of this processor.
Please let me k

Portal Error when using GlobalConnect client

We have 1 PA-500 which we recently upgraded from 4.0.5 to 4.1.4.

On 4.0.5 we used the NetConnect client for several users without any problem.
Now we upgraded to 4.1.4 we need to use the GlobalConnect client.

So I downloaded and activated the 1.1.4 clie

Missmatch in App/Threat Version HA

My second PA says it use 302-1357.

But It acctually says it have 304-1366:

Both my PA's say they have 304-1366 installed under "Device > Dynamic Updates"

But on my dashboard they say its missmatch...

Any one know what i should do? Everything works fine b

User-ID Agent

Is it possible to use the User-ID Agent to scan the logs from a machine configured as an Event Collector.  I have an event log called "Forwarded Events" which holds centralised logon/logoff events for another tool.  It would be good to leverage that

Server profile KERBEROS with group mapping

Hi guys.

I have  a doubt .

When i configure my Kerberos on my server profile , i can`t make group mapping settings to catch my users from AD and make a Policy for them ?

My PAN OS is 4.1.0

In other versions it`s possible to do with Kerberos OR i need to

Multiple syslog servers under one profile

A client has set up two syslog servers as destinations on one syslog server profile, but only one of the servers is receiving data. Is that expected behavior on 4.1.3? The hope was to be able to send syslog traffic to both devices.

Thanks

James

https://www.google.com does not work on 4.0.10

there seems to be a problem with ssl connect from PA to google.

The browsers shows a timeout. It takes a couple of minutes, until i get an entry in my logfile.

The logfile shows an "unknown application" first (which is denied in my company by default)

PAN AGENT CAPACITY BY VSYS

hello,

I have seen the following information for pan agent capacity

Capacity

User Identification capacity limits:

• The PA-4000 series can support up to 64,000 concurrent users; the PA-2000 series can

support up to 47,000 concurrent users.

• Up to 640 grou