manage PAN device over a WAN, you might experience problems

Problem:
If you try to manage PAN device over a WAN, you might experience problems.
By manage, I mean via the Web interface, via CLI or via Panorama.
The Web interface may not load
Or
login via CLI works fine.
However a command that returns a lot of dat

SMB URI Filtering (Custom Applications)

I'm wondering if it is possible to define an 'application' based on an SMB URI path?

Example - I have two shares on a SMB SAN server \\san\public and \\san\secret; is it possible to apply a firewall rule to a Palo device that sits between this server

SYN Flood

hi : I have a question in regard to Flood Protection Thresholds under Zone Protection. Do the thresholds for Alert/Activate/Maximum apply to counting SYN packets directed at a partuicular host or to counting SYN packets directed at all the hosts in t

Checkpoint FW-1 Telnet Authentication - PA Alternative?

Hi

We will be installing 2x PA4050s into our datacentres to replace our current Checkpoint Alteon Switched Firewalls. We use Checkpoints "telnet authentication" on TCP port 259 to allow super users access through the firewalls based on their IP addres

Address Group Membership?

Is there a way to test if an object or IP address is a member of an Address Group? 

Since update to 3.1.4 no ssl decryption

We have some user categories with "no decryption" but the default rule "decrypt".

Before updating from 3.1.3, https://secure.eicar.org/eicar.com.txt was blocked reliably. Since 3.1.4 not. Nothing else was changed.

In fact i cannot see any ssl decryptio

PA implementation in vwire and L3 mode ( mixed mode )

hi

recently i implemented PA-500 with basic L3 setup ( router-pa-switch ) i selected e1/1 and e1/2 as untrust and trust with basic nating, now i need to add e1/7 and e1/18 as vwire with the same external router and same external switch, the idea i hav

PBF based on Apps

Hi All,

I want to PBF all my google Apps traffic via ISP1 and the rest via ISP2. Under the PBF rule -> Applications I see only a subset of Apps which includes my customs Apps too. But not all Apps from where I could choose from.

Any advices please?

Than

Dual ISP for SSL VPN

I am having trouble getting SSL VPN to work on a newly added modem. Essentially, I want to add a new ISP connection to my PA and configure it to be used for SSL VPN. I tried to add a PBF rule, but apparently, pbf requires traffic to cross zones. So f

Can I change the TCP port used by inbound SSLVPN connections?

We have a customer who has users in UAe, where SSL 443 is blocked.

This means they are unable to get through the initial authentication so can't get the SSL VPN connection working.

Can this initial port be changed?

Captive Portal - Authentication Method

Hi Palo Altorian,

In Captive Portal setup, does it work with Active Directory or Palo Alto Local User Database?

If yes, can anyone point to me where can i find this documentation? as i was not able to find on the technical documentation. Otherwise, it

Wildcard SSL

So we have a couple hosts where we use a Wildcard SSL and I noticed that in our URL filtering, it shows up as *.domain.com (application SSL) rather than service1.domain.com and service2.domain.com

I've been trying to troubleshoot an issue where we use