ipsec question

destination port in PBF

Is there an option to define destination port in PBF. Now if a service is selected, PA applies PBF if source or destination has that port.

I am looking for a PBF which should match only if destination port is 80.

Dynamic updates not working after RMA replacment - Download Error Problem with local SSL certificate

We recently got a RMA replacement in for a failed PA5250 in HA but we are now noticing that Dynamic updates are not downloading and installing. We get a message in the Panorama Job Schedules section stating "Failed to upload image. Device msg:'Failed

exclude a network from static route

Is it possible to exclude a network from static route.

For eg  I have static route 10.20.0.0/16 to the core-switch.

unfortunately my management network (including PA) is 10.20.200.0/24

I dont want traffic to 10.20.200.0/24 going to core switch.

just ex

Knowledge sharing: IP and user TAG Mappings redistribution for DAG / DUG

Hello to All,

I see a lot of questions about redistributing IP and user TAG Mappings from Panorama or a firewall to other firewalls. In version 10 this is possible but in older versions only the user id can be be redistributed and maybe a REST/XM

LDAP-S Authentification failed (LDAP-S with TLS1 ?)

Hi,

while using LDAP-S (port 636) on a PAN Firewall for a connection to an active directory on a Windows Server 2019 I have the problem that the Firewall just can't connect.

If I try the "test" command for testing the authentication profile I get thi

maximum length of TACACS User ID

We use TACACS+ server for admin authentication.

Is there a limit on the length of an ID?  I have one that is 40 characters (we use email IDs).

Getting an auth-success log message for this user, but then a Critical "create-admin-acct-error" message:

F

PRTG monitoring thresholds

Hello, i am implementing PRTG and monitoring my PAs. We can monitor CPU, Disk free and Memory. My question is which should be the thresholds and how to react?

Authentication Policy for non-HTTP traffic - Remote Access users.

Is possible to use Authentication Policies for non-HTTP traffic (using the Global Protect client), and specifying LDAP authentication? All examples I have found are related to MFA, and I would like to know if it is possible to authenticate RA users u

interest in a MineMeld ESXi 6.5 OVA?

I have a working OVA of MineMeld installed on Ubuntu 18.04 server. One of the guys here where I work put in a ton of hours getting it installed and working. Is anyone interested in getting a copy.

If so does anyone know a good repository to put it?

How do I run multiple commands?

How do I run these commands with one command/automation?? (instead of one by one manually)

!taskComplete id=7
!taskComplete id=33 input=no
!taskComplete id=138 input=Spam
!taskComplete id=237 input=Spam
/incident_set phishingcategory=Spam incidentcategor

Device State from Multiple Devices

I have a question and I am hoping I am not the first person to have asked it, and that there is a script out there somewhere.

I am trying to get the device state from multiple firewalls and need to somehow put it in a script.   I do leverage the sc