ldap groups not working

Hello,

for some reason we ( and many other customers ) are still experiencing issues regarding the use of ldap groups in an authenticatin profile for example SSL VPN.

We have microsoft AD as LDAP server and we went through every step in the well known

zone protection test doc.

Hello all.

I tested some of the DOS/DDOS tool set against PA-4050.

I want to share my humble doc to you.

some of them still remain question to me.. I'll open the support case for that.

if you have some input, please email me.

thank you~.

BH Lee

VPN for Droid devices

Not sure this has been asked yet.

Panorama 4.0.1 commit error

I have a PA-2020 managed through Panorama, both running 4.0.1. When I change a setting in Panorama for example a security policy change in the local device context only !

If I commit the change I get this error message right after clicking on commit

Al

Routing issue

Hi guys,

I have an issue I faced before with OpenBSD's PF Firewall but I am not able to solve with PAN.

My topology is:

INET ----- PAN ---- DMZ ---- Balancer ---- Balanced Servers

                 |

              LAN

The domain controllers for the DMZ doma

URL Filtering Categories

Hello,

After some days using a PAN Firewall, I've notice that some URL are incorrectly classified. Is there any way to modify the standar URL categories?

Thanks,

Multiple Virtual Routers sharing the same INSIDE zone? Possible?

Hi.

I have my PA's running fine and dandy with my normal internet link(s) and DMZ farmed out to my edge routers without issue.

Now I have coming a requirement for a dedicated, seperate Internet link and DMZ for a special purpose with the traffic being

3.1.8, when?

Hi,

we opened a Case and the support answered that it will be fixed in 3.1.8 release.

I was wondering, when will it be released?

Any idea?

Thanks

multiple SSL-VPN profiles

I have to manage some different SSL-VPN profiles. I would offer to remote user the possibility to choose a VPN profile and then access the enterprise network with different policies. Is it possible ? How can I distinguish between one profile from ano

Invalid address value NaN shown in 3.1.7

Since updating to PAN 3.1.7 the committing dialogue shows

device: Invalid address value 'NaN'

Nevertheless the rule installs successfull.

Does anybody have the same strange message?

Auto-block admin "hammer" attempts?

I've been seeing stuff in the system log like the following:

There are a huge string of these, obviously it's reading throug

Add second Internet coonection

Does anyone have any notes or tips on adding a second Internet connections? Also need to point specific group of uses to new connection, do I create a second Untrust zone, different name then first Untrust zone and change the security rule for those