General Topics

tftp export timing out

I am trying to use tftp to upload/export the configuration file to an OpenBSD tftp server which is on the same LAN as the PA box.

The address of the PA is 192.168.2.1 and the OpenBSD server 192.168.3.1

The file transfer process seems to be timing out a

PA5050 SFP+ Port LED doesn't work if SFP plugged in?

Hi there,

we have equipped the SFP+ Ports 21-24 with normal 1GB SFPs.

The SFPs are working fine but the Port LEDs doesn't blink.

Is this a normal behavior? Maybe only show light if a SFP+ plugged in? :smileyconfused:

We're running the version 4.0.7

Thanks

Running PAN in FIPS and/or CCEAL4 mode?

Any of you here in this forum who have experience from running your PAN device in either FIPS or CCEAL4 mode (or both - is that possible?)

I only found some brief of what the FIPS mode really means within the "Appendix C Federal Information Processing

SSH Tunnels

I know in order to look inside the SSH traffic to see if someone is doing SSH Tunnels you need to decrypt the SSH session.

I am looking to find out how the PAN decrypts the SSH traffic and what is all involved in setting this up on the firewall.

ALG for Facetime via NAT?

We're running 4.0.5 and Facetime does not work as the packets coming from Apple's servers via the Internet are dropped. I noticed there was an ALG for H.323 in 4.1 but wasn't sure if that was related to Facetime or if there was anothe work around.

How to output cli hierarchical structure

Is there a way to do a dump of the cli hierarchical structure to say a flat file?

4.0.8 Object Name Change Not Updated In Policy

I used to be able to make changes to objects (address/groups/application groups) ect. But now when I made the change I have to go through my policies and NATs and update them manually. Any ideas? Is there an update object option that I'm not aware of

Error message for role based Administrator

Error message when role based admin user is trying to log into UI:

User does not have access to any device groups. Device groups are needed to access the 'Policies' and 'Objects' tab. Please ask your administrator to give you access to one.

---

The goal

Reconnaissance Protection

hi : In regard to the settings for Port Scans and Host Sweeps:

What counts as an event toward reaching the threshold? Is it a SYN packet or are other types of packets counted?

Thanks

Anyone tried to connect GP from iphone/ipad with ClientCert?

I'm tring to connect GP from iPhone5 and iPad4.3.3 with Client Cert Auth.

I can't see the establishment of IPSec VPN, however, I could establish VPN from Windows with same client cert.

I want to see the working sample cofiguration.

Could anyone share th

SSL-VPN on Mac can't route traffic after sleep

On many of our Mac clients that are using SSL-VPN, if they are connected to the VPN and they close their Mac's (putting it to sleep), when the mac's are awoken, they can't route any traffic. 

The only cure seems to be:

sudo route -n flush

Is there any

Data filtering by name

Is there a way to block a specific file name, not just a file extension? Is it possible to accomplish this using a custom data pattern?

GRE issues with 4.1.0 ?

Good morning,

we run PanOs 4.1.0 on a couple of new sites, but we are not able to make GRE tunnel works. The sceario is IPsec Tunnel between 2 firewalls (PA-2020 to PA-5050), GRE tunnels built inside the IPsec on Cisco routers.

IPsec is ok and ping is

Pan os 3.1.8 VirtualWire and Microsoft NLB Problems

Good morning

I have a Virtual Wire configured on a PAN-2050 with Pan OS 3.1.8 and I connect in one Interface of it a Microsoft ISA Server 2004 and in the other interface a Catalyst Cisco Switch.

This Microsoft ISA SERVER 2004 has a Microsoft Load Balan

App ID Classification

I noticed that Sophos anti-virus is classifed under business-systems/management, while McAfee, Symantec, Panada are all classifed under business-systems/software-update.

Seems to me Sophos is misclassified under the wrong sub-cateogry.