Allowing Microsoft and Java Updates

I'm trying to allow downloads of .exe and PE files for updates but continue to block users from downloading those file types from other sources.  Not sure what the best way to do this is.

If I build a file filter with 3 rules like:

1.  allow applicatio

SSL VPN Security

All,

I have the SSL VPN setup and working.  All my remote users have access to the internal resources they need.  The time has now come to add a vendor to access their specific internal server.  So, I will create an user on the PA in the Local DB and

URL Logs to Panorama

Is it possible to forward URL fliter logs to Panorama?

Panorama version 4.0.5

PAN firewall version 4.0.5

We are seeing the URL categories in the ACC but no logs.

QOS Interfaces

Hi,

I was wondering if anyone can tell me if there is a limit to the number of 'Clear Text Traffic - to QOS Profile' mappings you can create under the advanced options within a new QOS Interface? PANOS 4.0.2.

I want to setup a couple of QOS profiles, t

HA - Link Monitoring

Hi,

I´m testing the HA configuration of our firewalls and experience unexpected behavior.

If both HA members experience link down errors, we want the appliance with the most active links to be active.

In the "PAN-OS HA - Understanding PAN-OS HA states,

Applipedia - search by port number?

Does anyone know if it's possible to search for an application by port number instead of name, to see if you can find a match?

I have some connections using an application that shows a known - and recognised - PORT number when I run a packet capture,

FTP over HTTP

Hello,

I need to block FTP communication - however, I do not want to block downloads that come through a browser - which can utilizes FTP over HTTP.  Would this configuration theoretically work? Curious if anyone has made that work - before I get into

Reporting for management..

I'm having some troubles coming up with a clean report that will tell my employer the highest number of concurrent users on the PAN each day...  Anybody write one?  Trying to filter out the nonsense seems to be the problem.  I just need to see "at X

Captive Portal as a AUP accept page for internet access?

Hi All,

Could I use the Captive Portal, as a way of displaying an Acceptable Use Policy ( AUP ) that users must accept, before gaining

internet access?

To make this as seemless as possible, is it also possible to not have to require the entering of user

No user names in the PA appliance

Still no user names in the PA appliance.

from PAN-Agent debug:

[skipped]

2011 09 21 16:55:16, AddEntryUnknownTableSafe 192.168.207.100

2011 09 21 16:55:16, User Enumeration, IP: 192.168.207.100, Username: MERVIN$, Domain: companyname

2011 09 21 16:55:16,