Panorama Logging with NFS

I'm currently making a log concept for our new PaloAlto firewall environment for our new internet perimeter. I have a few questions about that.

Here is what we want to build:

- a two stage firewall concept

- outer firewall is a PA-5050 cluster with Thre

ssl gateway not working after upgrade to 4.1.2

Hi

After upgrading to 4.1.2 from 4.1.1 the ssl gateway and protal is not working.

When accessing the portal the client certificate is presented but when pressing continue, the login page never appears.

I had to revert to 4.1.1 to get it running again.

An

User-ID Group Include List Error

On PanOS 4.1.2 I am trying to perform an LDAP lookup for the 'Group Include List' element of the User Identification setup i.e. to populate the 'User' field in policies.

When I do this I get an "bind-dn is invalid" error.  I know the account configure

NetConnect on Linux under Wine

Has anyone managed to get NetConnect to run under wine on linux?

I Use Firefox 9 for Windows under Wine, and managed to do an offline Java install  by downloading from here:  http://www.java.com/en/download/manual.jsp

I authenticate in the portal.  The

How many PAN support Admin account?

Hello.

I want to know about PAN admin account performance.

First. How many PAN support Admin account? Is it different from each PAN model?

Second. How many PAN support concurrrent logged Admin user?

Please let me know above question.

Thanks in advance.

Reg

add policies to local vpn users

Hi

Can I add policies for specific local VPN users? - I can't add them from the source "users" field?

I am running PA500 4.1.1

Thanks

When does a rule go unused

I have a number of rules that are showing unused.  I've read the threads on the counter resets etc. but I'm still looking for a definitive answer - hence my post.  When does a rule become marked as unsed?  Is it after a month, 2 months, a year, since

Blocked Applications cause Reset, not Block Page

On our firewall users are getting 'Connection Reset' errors in their web browsers rather than the 'Blocked Application' page.

While the end result is the same, it makes debugging connection issues a lot harder!  Am I doing anything wrong - an applicat

VPN and client proxy

Hi

Does anyone know how to force PC clients that have authenticated to the PA using Global Protect (non licenced version) to use a particular proxy server.

Thanks

Rod

Thinking of upgrading to 4.1.0

We have two 2050's in an active/passive cluster running 4.0.5.  We are looking to upgrade to 4.1.0.  Had anyone had any negative experience with this version - particularly related to the SSL-VPN changes or User-ID functionality?  I've heard a few th