Protocol Migration from Checkpoint

Hello,

We have some protocols defined on Checkpoint, and we are not able to traduce to PAN 4.0.

FTP_mapped is defined as Protocol 6, match SRV_REDIRECT (21,0.0.0.0,21), set r_mhandler

HTTP_mapped is defined as Protocol 6, match SRV_REDIRECT (80,0.0.0.0,

commented file type list available?

Where can i find a list of the (blockable) file types with an explanation, what kind of program it uses?

Routing Issues with Layer 3 Deployment

Hello all,

I'm having issues with internet access on different subnets. I have attached a diagram on my network. The Server VLAN has Internet access but the rest somehow are not managing, I'm seeing the traffic in the logs but nothing seems to be work

APP-ID for IPSec over UDP

Hello Community,

the standard IPSec APP-ID did not handle complete IPSec-NAT-Traversal (UDP 4500) ...

I've noticed that reestablishement of NAT-T is not detected successfully.

This causes problems with temporary droped IPSec-Sessions.

Any idea ?

Regards,

C

[botnet] some url filter out.

Hello all.

on the firmware 4.0.1, we have botnet monitoring function here,

but on the report, I can see some of normal url(false positive) that trigger the botnet module.

like ..

"211.234.239.48/upload/notice/polling40_v.ipml"

can you please tell me how I

How to Manage External Users via UIA/PAN

If the organization has Users who are contractors/sub-contractors (deskless workers); how can you manage these Users via the PAN if they are not members of the Domain?

Would AD deskless worker objects need to be created AD-side for them to be prompted

Pan OS 4.0.1 and searching

I've noticed that after updating to 4.0.1 when searching for user Traffic everyone keeps showing up.  I am clicking the apply filter.

Its also happening on the Threat, URL and Data Filtering.

Is anyone else seeing this problem?

We already have a suppor

HTTP Brute Force Attempt

I was contacted by a major government entity about an HTTP Brute Force attack/attempt coming from my institution.  Their IDS triggered on a researcher in my organization attempting to login to one of their training websites.  The user forgot their p

rule shadows

I'm trying to clean up our rules, specifically the shadows.  I've run in to one rule that is shadowing 6 others:

- Rule 'rule208' shadows rule 'rule211'

- Rule 'rule208' shadows rule 'rule212'

- Rule 'rule208' shadows rule 'rule292'

- Rule 'rule208' shad

How to reset the unused rules counter ?

Hi,

How can I reset the "unused rules" counter without reboot the firewall ? Is there a command for this ?

Regards,

julien

global Protect

Hi All,

I tried to configure Global protect on my PA500. According to docuementation available on site, I configured Global Protect Cert Auth but If I try to create a Global Protect server cert signed by GP Cert auth, I have an error (Failed to genera

youtube won't work with web-advertisements being blocked

Does anyone know how to get around this?  We have enable web-advertisements to be blocked within our URL filering.  When going to www.youtube.com and some other sites, the site is there but will not play content.

Any ideas how to get the best of both

Palo Alto Dev Adapter for BBNA

Hi,

does anybody know whether there is a working device adapter for Palo Alto Firewalls (Version 3.1.7) for integration into BBNA (BMC BladeLogic Network Automation)?

If there's none, I'll probably have to write a simple adapter myself.

Thanks!