More than one Syslog server - performance

Hi all,

does anyone know how the configuration of more than one Syslog server in Syslog profile (to send Traffic and Threat logs) impact the performance of a PAN 2020 device?

I need to send traffic and threat logs to a SIEM and a Syslog server at the s

reports based on users groups ( Panorama )

Hi,

can anyone confirm this is not supported yet with Panorama ?:

I would like to create reports based on user groups with Panorama. I know you can achieve this with a single unit , but i don't think this will work with Panorama. We are even not able t

Split Tunnel

I have noticed that when I connect to the SSL VPN the Split tunnelling restriction I have in place doesn't seem to be working any longer.  I recently upgraded from 3.1.6 to 3.1.8. I also upgraded my laptop client to NetConnect 1.3.  When the VPN is

Logging of blocked HTTP traffic

All,

We have a proxy environment where LAN users requesting Internet sites have to go through the proxy. Our proxy is on the LAN side of the PaloAlto so that traffic goes from User->Proxy->PaloAlto->Internet. There is a rule on the PaloAlto that block

Exchange 2010 CAS in the DMZ

Aside from being not supported by Microsoft, has anyone placed an Exchange 2010 CAS server in a DMZ? It looks like the reasoning behind it was because you'd have to punch so many holes in the firewall, it wasn't worth it. But since the PAN has a litt

Result - Stuck in PENDING

Hi,

I have an antivirus download schedule and install job, but it seems PA FW is
stuck in the Download action. Sine 2 days I have the same result as below.

Enqueued          ID             Type    Status Result Completed
---------------------------------

Block Pornographic Images in Google

Is there a way we can filter pornographic images in google?

Hope you can help me with this one.

Thanks,

Rex

Safari Security Errors

I have suddenly started getting security certificate errors while using Safari.  I am not using a Captive Portal and have no certificates on the PAN, however the certificate errors always point back to a self-signed certificate by the PAN.  I am atta

Conficker DNS Request Question

So we have some conficker infections here where I work. The problem is that the PA sits at the edge, so all I see are Conficker DNS Requests that get proxied through our internal DNS Server to the Internet. I guess there is no way that PA can see wha

ipv6 interface

Hi,

  I can't assign an IPv6 address to a L3 interface of a PA-500 in 3.1.

  But I can add IPv6 addresses to the objects DB, and there is a 'IPv6 firewalling' flag in the general device configuration.

  Has anyone played with IPv6 on a PA? Is there any