PA500 split tunnelling DNS question

Hi

Have a PA 500 set up for split tunnelling - so clients access internet locally and all other traffic is passed over VPN tunnel to our office

I have DHCP set up on PA box so clients get primary DNS server (local ISP one) and secondary DNS (office one

FTP-SSL sites stop working

Hi, since the apps-threat update 261-1092 some  FTP-SSL sites stop working with a timeout error.

Iñaki

Gaming devices behind PAN firewall

We are using Capitive Portal for students on our campus. All students' devices including gaming devices get DHCP from a PA2050 and these IP ranges require CP. XBox seems to get DHCP and tries to connect to XBox Live servers, but fails. We don't see t

uid-gids-cache timeout

Hi there,

we use the pan-agent installed on a DC to read out the users of some AD groups. Works fine so far. The only problem we got is, that if a user is removed from an AD group, I will always have to run the "clear uid-gids-cache" command on the de

Cert issue with Captive Portal

We have installed a Comodo wildcard cert on our 2050 for use with the SSL-VPN and Captive Portal.  IE and Chrome are fine, but Firefox always says the it can't verify the authenticity of the cert.  I remember reading in another post that someone had

Permanently cached user to IP

Did a search, but nothing seems to answer my question:

I would like input from more knowledgable folks on the problem described - the permanent caching of a "good" account on computers that are kiosk mode and logged in with "ignored" accounts.  See ex

RDP incomplete session

RDP worked before the installation of PAN 500. Now I'm having an incomplete session on RDP (TCP handshake is dropping). How do I fix this:

760     t.120          DISCARD FLOW  NS   172.21.196.181[4483]/l3-trust/6  (70.159.69.130[2588])
vsys1           

panagent user identification problem with working groups on the active directory

Hi,

i tried ad user identification with pan agent on the pa2050 box and windows2008R2.But i have some problems

for example;

i created one group which called MSN_DENY and added it 5 users like test 1,test 2,test3,test4,test5(whatever) .later i was write

HA Sync issues with content updates

I am running a pair of PA-4020s in HA mode on PAN OS 3.1.8. For about the last three or four Threat and App Content updates I have had sync issues. I have the active PA downloading and then syncing the content to the passive PA. This worked fine unti

Base64 encoded HTTP traffic.

Hi,

I was reading the 2011-2012 buyers giude. There is a statement that describes Base64 encoded HTTP messages , used in command and control traffic for malware.

The bot sets the User-Agent header value to “inter easy” and also receives a scrambledBase

AD/LDAP Server authentication

Does anyone have any tips for getting AD/LDAP bind request working at the server.  I have the PaloAlto sending and receiving the bind request to authenticate, but the server reply packet says the credentials are invalid (error code 52e - invalid cred

Simple Policy Question

This is a simple one, but I couldn't find it specifically stated in the manual.

When I define a security policy, are the Zone and Address exclusive of each other?  In other words, if I select a zone,it requires I put in specific IP's or select Any.  I