Upgrade issues

Hello,

I have a PA-500 device running on PanOS 3.1.4.  I try to update it to last release PanOS 4.0.2. (Direct upgrade allowed following the RN)

I have no Internet conection yet, also I would like to install it from a local file.

I click "Upload", locat

decrypted SSL traffic over Proxy since 3.1.10 slow

Hi folks,

since upgrading to 3.1.10 is the ssl traffic (with decryption on the firewall) by squid proxy significant slower as without using a proxy. Not on all websites, but on some the browser needs up to 1 Minute to display the first page.

I tried se

Commit Failed: PAN-OS 3.1.5

Hi All,

Have a PA-500 which is failing on a commit with the following:

How can I troubleshoot this further, I am not sure what it would be refering to.

Thanks

Ma

How to remove DigiNotar CA SSL Root Authority

i do not find a hint how to remove any SSL Root Authority in my PAN. How can i announce me the trusted SSL Authorities? Is it possible to remove a single CA like "DigiNotar  Root CA".

mfg

Manfred

Allowing the PAN to respond to tracert

I'm able to ping the interface and don't see any denies in the log, but when I traceroute through the PA-500 it does not respond.

The rest of the hops do respond, just not the PAN itself.

User ID Agent

Hello-  I am running PAN OS version 3.1.7.  I am running a User ID agent on an application server within the domain but I am not getting complete user ID information in my traffic/threat logs.  We have just upgraded to Windows 2008 R2 64 bit domain c

User-ID users not timing out

I only have a few users currently as this is a new deployment however the very few users I have do not seem to time out.  I'm using the latest PAN agent on Win2008 R2.

I have users still mapped who haven't been in the office for over 2 weeks. I have m

Application is Incomplete

In the monitor log, what does it mean when it shows Incomplete under the Application?

I am blocking incoming RDP and everything works fine (Action = Deny) as long as it sees it as MS-RDP or T.120 but I am seeing some traffic shown as Action = Allow on

NAT Multiple external IP's to a single inside host

I'm trying to find documentation and/or any help to see if PAN firewalls are capable of NATing Two external IP's to a single host IP.

My scenario:

ISP1 204.23.123.123

                               ----------> Internal host 10.10.10.10

ISP2 79.23.123.123

Block doubleclick.net

Hello,

I would like to block   *.doubleclick.net    because I am suspecting that it is the source of few spyware infections in our corporate network. Has anyone blocked this category of websites in the past? Is there a side effect if I block them (e.g