SSL Decryption and Spoofing

If I enable SSL decryption and the PAN effectively works as a "man-in-the middle", the client recieves a cert error saying the certificate has not been generated by the destination server. No problem, as I can add the PAN cert as a trusted cert in my

Facebook-chat not blocking for specific account!!

hello !

I 'have seen on the same PC with the same windows user a strange problem:

when a user  is connected  on his facebook, I can see in the log facebook-chat DENY and the chat is blocked

when the same user is connected with an another facebook accoun

PAN Agent version with PANOS 4.0.9

Hello,

Does anyone know which version of PAN Agent is compatible with PAN OS 4.0.9 ?

(3.1.2 or 4.1.x ?)

Many thanks.

Gildas.

Dual ISP, PBF and DMZ

Hello.

I have a specific question about certain situation. There is a customer with 2 ISPs, let's call them ISP1 and ISP2. Customer has a single PA device to which both ISPs are connected. Each ISP provides a block of public IP addresses which are rou

Maximum number of UserID Agents for 4.1.x ?

Whats the maximum number of UserID agents that can be configured to talk to the firewall ?

ie. Will the firewall complain if we have 200+ userID agents configured to talk to it?

I know each agent can monitor a maximum of 100 domain controllers.. but ho

static routes

Hi

I have 4 interfaces;

eth1/1 = sub1 -> 10.10.1.1/24

eth1/2 = sub2 -> 10.10.2/1/24

eth1/3 = mpls -> 10.10.3/1/24

eth1/8 = wan -> x.y.z.w

default router on all interfaces

but now I need to route all 0.0.0.0/0 traffic from sub1 over the MPLS (10.10.3.10) and

vsys -> vsys1 constraints failed : Maximum number of virtual systems reached

Hi,

After cloning a rule i had this answer if i try to commit

"vsys -> vsys1 constraints failed : Maximum number of virtual systems reached"

Does someone knows what it means and what i can do?

Thanks

Frederic

Application-based DoS capabilities?

I am seeing several atempts by the same IP address utilizing t.120 to connect via port 3389 to the various Windows Servers that I have with external IP addresses (and, yes, some are actual Terminal Servers).  I would love to be able to configure a th

Need to logout/login to see new signatures?

I think I may have found a bug with PANOS 4.1.1 on PA-5050s where the WebUI will not display new signatures until the user has logged out and logged back in again.

I left a browser (Firefox 10) logged in for several days, using it just enough that the

SSL decryption notification response page. Don't load !

Trying to set up SSL decryption these are the steps ive done:

* Configured SSL decryption rules

* Installed certificated on FW

* Installed cert on client computer with gpo, (yes it removed my warnings about saftey)

But it won't warn the user with the res

Create an App-ID for YouTube in the context of facebook

HI guys I am trying to create a custom App-ID to identify Youtube in the context of facebook, I would like to use this for a possible App QoS.

Dependency is youtube from facebook but defining youtube app in the context http-host-header is too complex,

Importing Configuration from Fortinet

Hi,

I'm experiencing a problem for importing configuration file from a cluster Fortinet 310B. After conversion, i try to load the file, and i recieve a message "File pan_conversion_l3.xml is malformed". I have tried to compare with the first configura