General Topics

tcp-syn enabled may affect the transfer (downloading) files.?

if I have enabled tcp-syn in the trust zone unusually high number of these 'tcp non-syn packets' being generated, overall-throughput through the firewall can be affected?.

in case if affects, as I can disable this option?

What is a command to exit from VSYS?

Hi,

I can not exit from VSYS.
I tried "quit" ,"exit" and others command,but was not able to exit.

Could you tell me it?

Device:PA-2050(3.1.3)
---------
admin@PA-2050 vsys2> set system setting target-vsys vsys2
Session target vsys changed to vsys2
admin@PA-20

Panorama Console Error - Ext3-fs warning

Hello,

We found the below error message on the Pano console:

pano login: EXT3-fs warning: maximal mount count reached, running e2fs recommended

Have not had any issues running Panorama.  Is there something I need to do to correct this? Thanks!

Mike

Vulnerability Protection - inbound traffic to DMZ Servers

Hello,

Does the Vulnerability Protection Profile provide any benefit to inbound traffic from the Internet to servers on the DMZ? Is it more for web protection from users going outbound to browse the web and not so much from outside sources accessing s

SSL VPN Config on 3.1.5

I am attempting to test the SSL VPN using a self signed certificate on 3.1.5  and setting up according to the " How to Configure SSL VPN on PANOS 3.0" document, however the guide does not cover the Client Certificate Profile which is now required in

Can't find ident

Hello,

I can't find ident/auth app despite that it's listed in :

List of Applications Identified by the PAN

Regards

How do block all flv streaming media

Is there any way to block all flv streaming media for all applicatons that uses flv streaming through web-browsing?

(I could'nt find any application describes "flv" except "Flash application".

But "Flash application" blocks all flash content and this i

ssl decryption best practices?

I'd like to look at implementing it but I'm wary of all the potential caveats i.e. applications that don't play nice, and machines that are non-windows or non-domain so wouldn't get a trusted CA via Group Policy.

I've read the guides so know how to do

PAN Help files are a bit old

Noticed this while searching some answers about dynamic URL filtering in the help files.

IPS/IDS for SQL Server behind PAN?

We have a web server in fron of a PAN that accesses MS-SQL behind the PAN.

In the vulnerability profile that we're using, everything (client/server) is set to "default".

I appreciate it's a fairly broad question, but is this enough?

Thanks.

User-ID Agent Refresh Interval?

I'm sorry if I've just not spotted it, but is there any documentation on how often the User-ID agent (for Active Directory) updates?

We've just started to implement some policies using groups and I'm not quite clear in my mind how often the PAN checks

Uknown / Blank user

Hi,

I want to view the traffic for all unknown users, but I am unsure how to create this...

I thought about using (user.src neq '') but that does not work I need something similar, essentially I want to view the 'from user' that has no data in (blank)

A

URL Log

I have seen this come up in one post. Where the user has asked why the URL field is only limited to only the first 63 characters.

Any idea when this might be addressed? It is crucial to log the entire URL for both trouble shooting and forensics purpos