check to check "deny" packages

Hi

I have some rules that will allow IPSEC between two Windows Domain Controllers, but it only works when I allow "any" underapplication - unless I ping from both ends.

So how can I see what port I am missing in my custom application group?

Thanks

User-id is it possible to check computers?

Hello,

One of our clients want to know if it is possible to build policies based on computer membership to AD groups.

In this situation we want to differentiate between computers that belongs to AD and which do not in purpose of VPN connections, so tha

Terminal Services User-ID Agent Flaw

A new customer during deployment was wanting to test how well the TS User ID agent was working at identifying users. We logged on as User A and started a specific ping. We search the log file, and there was the ping. We had it running continuous for

Anti-spoofing Question

I'm trying to compare checkpoint interface topology configuration to panos. Is there a setting in panos where you can define what networks are behind an interface?

Blocking by AppID don't work as expected

Hi

To block a webpage like Facebook, I have the follow two possibilities.

1) Block it by the Url Filter

2) Block it by the AppID

Since the URL Filter just looks at the URL and no other content. Access to Facebook will only be blocked if I try to access i

Trouble after upgrading to 4.1

I was currently running 4.0.5 on panorama and HA active passive 2050 cluster.

The upgrade ran rather smoothly.

has something changed for service declaration in 4.1?

I define my addresses and custom services on the panorama which I sync to the HA cluster

Virtual balancing and PBF

Hi all,

My client need to do Load Balancing in his wan interfaces, I did the next config, in PBF I put four policies, one for the two Internet segments asigned to the first and more faster output (TRUST to (1.0.0.1-126.255.255.254) & (128.0.0.1-192.25

Emailing of CSV reports?

Currently my reports can only output in the default behavior offered - PDF's are sent automatically - however, some groups within the company that specifically manage risk want to add automation to the mitigation process - and doing that would be muc

can you share the detailed report for "Palo Alto Networks Finds Unknown Malware Rampant in Enterprise Networks"

Overview is listed at http://www.paloaltonetworks.com/news/press_releases/2011-1108-wildfire.html

we would like to see the detailed report...

many thanks

DHCP server -> conflict IP

Hi

I have a DHCP server enabled on one of my interfaces, but clients have problem getting IPs back - after reboot of windows machines it normally works, but this normally not an issue with other DHCP servers.

Here is one message ->

An error occurred whi

Overlapping networks - NAT

Hi!

I have another problem - this time with overlapping networks. Here is a picture:

I'm the administrator of PA1. How can user from PC1 connect with PC2 ? I tried with destination and source nat on PA1 but i had to add routing to the destination trans

How to report traffic logs for a specific rule ?

Hello,

I have defined several specific policies to allow traffic through my PA device.

I have also created a rule that allow any traffic (at the end) to not impact current traffic.

My idea is to be able to identify all traffic that flows through my devi