Maximum number of UserID Agents for 4.1.x ?

Whats the maximum number of UserID agents that can be configured to talk to the firewall ?

ie. Will the firewall complain if we have 200+ userID agents configured to talk to it?

I know each agent can monitor a maximum of 100 domain controllers.. but ho

static routes

Hi

I have 4 interfaces;

eth1/1 = sub1 -> 10.10.1.1/24

eth1/2 = sub2 -> 10.10.2/1/24

eth1/3 = mpls -> 10.10.3/1/24

eth1/8 = wan -> x.y.z.w

default router on all interfaces

but now I need to route all 0.0.0.0/0 traffic from sub1 over the MPLS (10.10.3.10) and

vsys -> vsys1 constraints failed : Maximum number of virtual systems reached

Hi,

After cloning a rule i had this answer if i try to commit

"vsys -> vsys1 constraints failed : Maximum number of virtual systems reached"

Does someone knows what it means and what i can do?

Thanks

Frederic

Application-based DoS capabilities?

I am seeing several atempts by the same IP address utilizing t.120 to connect via port 3389 to the various Windows Servers that I have with external IP addresses (and, yes, some are actual Terminal Servers).  I would love to be able to configure a th

Need to logout/login to see new signatures?

I think I may have found a bug with PANOS 4.1.1 on PA-5050s where the WebUI will not display new signatures until the user has logged out and logged back in again.

I left a browser (Firefox 10) logged in for several days, using it just enough that the

SSL decryption notification response page. Don't load !

Trying to set up SSL decryption these are the steps ive done:

* Configured SSL decryption rules

* Installed certificated on FW

* Installed cert on client computer with gpo, (yes it removed my warnings about saftey)

But it won't warn the user with the res

Create an App-ID for YouTube in the context of facebook

HI guys I am trying to create a custom App-ID to identify Youtube in the context of facebook, I would like to use this for a possible App QoS.

Dependency is youtube from facebook but defining youtube app in the context http-host-header is too complex,

Importing Configuration from Fortinet

Hi,

I'm experiencing a problem for importing configuration file from a cluster Fortinet 310B. After conversion, i try to load the file, and i recieve a message "File pan_conversion_l3.xml is malformed". I have tried to compare with the first configura

Web Browsing

Hi

We're about to install the web filter licence for the PA. Our current system is a proxy configuraiton via websense. Now that we're going to use the PA for web filtering is the best practise to create a security rule allowing all internal PCs direct

MAC address filter and DHCP enforced...

Hi!

Is it possible to create Policies based on MAC address instead of IP addresses?

Also, can we enforce DHCP clients only mode?  Meaning that the firewall only allows those who obtained IP's from the DHCP server.  Seems like DD-WRT got the DHCP-Author

Captive Portal page to load when user-id is known?

Working on an idea to allow a manner of login/logout for users coming through captive portal auth.

On a system that may or may not be identified on the back-end, I can load the captive portal page URL manually and set/change the user-id.

When I try to