URL Category list with all URLs from SSL Decryption Exclusion

Hi,

We are using SSL Decryption and I only allow SSL traffic for specific URL's and categories which are excluded from SSL Decryption.

Palo Alto has it's predefined list with SSL Decryption Exclusions (Device > Certificate Management > SSL Decryption

How packets match security policy when when application are incomplete or insufficient

For an example, I have 2 security policies

ruleA) source ip: any, source zone: any, destination ip: any, destination zone: any, application: dns, service: any, action allow

ruleB) source ip: any, source zone: any, destination ip: any, destination zone

HPE iLO 5 Not working as GP Clientless VPN App

Hi,

I added HPE iLO 5 as a new GP Clientless VPN Application, but it is not working. It seems it calls java, but based on PAN documentation it is supported javascript on Clientless VPN.

There is any special thing to do for the javascript part? As you

Steam Saves from Clouds

Hey, 

Is there anyone knows how can I get steam saves to cloud?

Let me know, if someone knows regarding this.

Zone for vpn?

Hello ,

We have currently three diffent zones defined .

Zone A vlan 100. For wired users 

Zone B vlan 200 for wireless users 

Zone V tunnel/ loopback interface for Global protect users.

All the above users mentioned are corp users.

Now customer wants t

GlobalProtect app - How to stop PanGPS from opening PanGPA constantly?

So we are trying to prevent the Palo Alto agent from opening at startup. 

I believe I fixed that initially by removing its entry from"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".

However there's a service running, "PANGps" ("C:\Program Files\Pa

Session End Reason Unknown and Aged out for SSH traffic passing through IPS

Issue is:

SSH establishes fine but once new attempt of a connection is made it cannot establish new connection. This disrupts the workflow of a automated application that sends files over SFTP throughout the day with the random disconnects.  Packet ca

Users disabling GP through services.msc

Hi,

We run always-on VPN. Our users have found they can disable GP by going to services.msc and disabling the service, then killing GP from task manager.

Especially with everyone working from home at the moment this is quite a big deal and we need to

Syslog listener to python script possible??????

Does anybody know how, or can offer some clues, as to how I could get the platform to call a python script to use an external API as a result of a syslog message. I know the syslog daemon passes the messages to Minemeld in JSON format, but what would