Global Protect Setup using an external CA

Can anyone help with setting up GP to use certificates from an external CA ?

Ive managed to get it working using an internal CA & signing the server & client certificates defined in the portal against that - but Im struggling to get it working when I

How do PA deal with BOT channel using APP such as twitter, skype, other IM?

Hi guys.

Nowadays BOTNET C&C server have been using Command and Control channel using twitter, skype IM and other IM like attached image.

So I wonder about how do PA deal with BOTNET channel traffic using application. I tried to find that any signature

comscore

Has anyone had any experience with this Comscore app this article is speaking of?

http://www.cleveland.com/business/index.ssf/2011/08/privacy_lawsuit_targets_comsco.html

If anyone has found it and logged the traffic I would be greatful if you post it

CryptoCard Card.

When using the Cryptocard authentication server we have had issues where no radius packets are coming through the PA500 on version 4.0.1.  When the packet capture (tcpdump) was run no packets appeared on the interface.....

The only way to solve this p

Upgrade to V4.0.4

Hello

Can i directly upgrade from version 3.1.6 to version 4.0.4

Thanks

Enayat

CLI ping and traceroute resolving ip

Hi,

In the GUI the PA is resolving ip address by quering the dns server. But with CLI commands like ping and traceroute it doesn't seems to do DNS resolving. I think it should be because there is a CLI command no-resolve.

Any ideas why it isn't resolvi

LDAP Error - AD Integration

Hi

has anyone encountered the following error.

When i type the following command

enayat@fw-tec1-pa2050>show user ldap-server state

User-ID agent and 300,000 LDAP UID's

I need to run user Identification of a Sun-One LDAP server, that has two main classes for users, totalling 300,000 users, in one geographic location.

What is the maximum number of entries a user-id agent can handle/cache etc?

Would the best configurati

ldap through PA failing randomly

we're having a problem with logging into servers in our network that connect to an ldap server that is behind the Palo Alto firewall. The PA recognizes the sessions as ssl going over 636/tcp. Our rules allow these connections, and most of the time wh

Two Virtual Routers and NATing

Hello,

We currently utilize dual ISP's as part of our business continuity plan and it looks like we have most of our PBR's setup appropriately. I am trying to figure out a way to create a static NAT entry on ISP2 via VRF that will go to the Core Netwo

Exchange 2010 - Applications Required?

We have a Palo Alto in front of an Exchange 2010 CAS server.

The Palo Alto is in a back-to-back config with a "dumb" firewall in front of it that only allows port 443 inbound.

The Palo Alto has the SSL cert from the Exchange box on it, so does SSL insp