Identifying applications inside ssl without decrypting

We have a large amount of ssl traffic which we would like to better break out and identify for clearer reporting. For the most part this is inbound traffic destined to our public application servers, so we know what it is without decrypting it, but i

Application vs Service

I have a server that I can create a rule with Applications (e.g web-browsing, ssl), but I also need to open up specific ports (e.g udp-20).  Do I need to create 2 separate rules (ie are the Application/Service fields an "and") or can I use 1 rule (Ap

Custom Application: No Scroll option for Value: Version 4.0

Hi,

On version 4.0 if you try to create a custom report , select App subcategory > select operator > and try to choose the value associated with the sub category, you will not be provided with a scroll option. You have to expand the window to see valu

Panorama Security policy & Filtering

I may be being a bit thick (entirely possible). But, when I'm in the security policy on Panorama (pre rules) i want to be able to filter only the particular rules that are on a particular target vsys. Currently I have 2 virtual systems on a single PA

Auto-Lockout Panorama

Hi All; [SOLUTION PROVIDED]

I have a Panorama server I manage over VPN.  basically when two people login with the same account. The account gets locked. I didnt configure it this way it is somewhat unexpected.  Anyway, both users had chrome browsers a

LDAP - failed to create page control

Hi All,

Seen this in the ldapd.log file.

Has anyone come across this before ?

Mar 16 10:10:03 connected to ldap server ldap://172.17.23.132
Mar 16 10:10:03 ldap cfg LDAP Server connected to 172.17.23.132:389(index 0)
Mar 16 10:10:09 Warning: pan_ldap_s

Incomplete Packets after Service Applied

Hi There;

For some sessions like availability monitors and other systems that make connections over a port that has the "service http or service-https" applied in a policy, these will fail unless you allow any service to the host or create an applica

HSRP L2 Split Brain

Hi All;

Thought I'd post this for anyone who has the PA going through a cisco HSRP L2 at the perimeter.  Traffic is intermittent between the two firewalls if you leave the passvie device interface to "Auto" instead of "shutdown" in the passive state.

Can PA recognize user-id from AD using TAP-mode?

Hi All.

I tested that PA with AD using TAP-mode.

AD-agent, CLI at PA device could recognize users from Active-Directory. but Traffic logs, Threat logs, URL logs could not recognized user-id and session-browser showed user filed was unknown.

I think that

SSL decryption and Carbonite

SSL decryption seems to interfere with Carbonite.  When the policy is enabled, the Carbonite client reports "waiting for connecton to carbonite pro backup server...".  I assume I could add a rule to not touch anything in category "online-personal-sto

Skype-Probe sessions increase dramtically when blocking skype

Hi All,

Seem to be having a bit of a problem with skype-probe.

I have a PA-500 in Vwire mode behind a PIX FW, the customer wishes to block Skype traffic.

Observations:

1.     On the ACC the ammount of skype-probe traffic far exceedes any other traffic in