Always-UP IPsec

The ipsec-tunnel comes up only when there is interesting traffic destined to the tunnel or when the tunnel manually initiated.

That leads to problems in our monitoring. I'd like to ask if there is a workaround to make the VPN always-up without need t

Global Protect not working with Big Sur on PA 820

Hi all,

I Use Global Protect  version 4.13 on a PA 820 Os 10.0, after updating my Mac to Big Sur i vant connect to the Palo anymore.

The strange thing: when i use the same Mac to connect to another Palo in our domein it works.

The error: failed to get

limit the bandwidth for users

Can we create a profile in the Palo Alto firewall to link up with an AD account and limit bandwidth to each user?

VPN socket closed

Hi All,

I have a user who connects via a thin client with GP to our network. Actually we have around 50 users, but this one user has many problems. She gets disconnected multiple times a day. She tried multiple connections: her current residence with

What is PA-3020 current recommended version of OS?

Anyone know what is latest OS should be install on PA-3020?

Does it work even if I install different models of PAN-OS?

Currently, we can download the PAN-OS Software Image of the PA-200, 800 and 3200 series from CSP.

Does it work even if I install different models of PAN-OS?

For example, the case of upgrading by installing PAN-OS 7.0.1 downloaded from PA-200 to PA-305

Palo Alto VM No Internet in Browser

Hello,

I have PaloAlto on GNS3 i set a policy from inside to outside and i also do the NAT policy Plus the virtual router configuration.
from inside i can ping to internet but i cannot browse, is that related to licence or i miss something?

Thanks.

Resubmit Host Profile required intermittently to restore connectivity.

Global Protect, running 5.0.8 w/ Mac 10.8.5.

Client connects and works fine initially.

At intermittent times, a few times a day, the client has to manually Resubmit Host Profile for the HIP rules to re-engage and restore traffic flow.

This is obviously

Fortigate Minemeld URL feed injestion issue - outgoing URL connections blocked by Minemeld feed policy on Fortigate Firewall

Good afternoon,

we've noticed a strange issue on a client firewall that injests URL IoCs from our Minemeld instance into an outbound block policy.

Specifically it seems that the Firewall Minemeld Policy is blocking outgoing URLs connections that are

Spli tunneling for ms-update files

Hi,

We have GP configured with 0.0.0.0/0 inside tunnel. We would like to split-tunneling for microsoft updates. In the split tunneling profile we add several microsoft URLs in order to avoid but its not working.

We added this URLS:

*.update.microsoft.c

random-drop vs drop - zone protection

For TCP flood logs should only show "random-drop" with RED configured.

"drop" for TCP flood is this coming from options set under "TCP Drop" options under Packet Based Attack Protection.