Inbound SSL decryption - Digicert

If inbound SSL inspection when using Digicert certificate is not supported, what is the alternative. We have many web-servers using same wildcard cert used for GlobalProtect and wanted use this same certificate but it doesn't work. Is there any other

New setup PA-VM Active/Active external routing not working on standby

I have a pair of VM 300s in active/active mode and everything is running OSPF. PA1 is primary and PA2 is standby. I noticed I was missing a bunch of traffic for anything going to the standby router. I can ping every interface on the standby sourced f

Email Link Analysis - does it look at all emails?

I am curious to know if the organization I work at gets a blast email to 500 employee's from an external B2B marketer does the wildfire analysis get performed on all 500 identical emails or does it simply do it once knowing the email and links are id

Panorama: cannot use in templates objects from DG

Dear Community,

I have a Panorama with several firewalls in a device group under the share one.

I have several templates and I cannot select any shared object from DG into any part of template configuration, for example adding an address object as an

Pre-logon for specific user only

My requirement is that some user should use Pre-logon and other should use User-logon. Currently all users are using only user-logon mode.  

Is it possible to use both mode in global protect, because we have to call client certificate profile on globa

Allow only MS Intune and Windows Update - block all internet access

HI,

I am after permitting only MS Intune and Windows Update - block all internet access.

I have followed the custom URL filtering as mentioned in the link below:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRfCAK&refURL=h

Qos question

Hi,

I have traffic shaping enabled on FG and at the same time PA also.

traffic flow is as below 

client  goes through  FG then PA then go to internet or wan 

traffic shaping  policy running on  fortigate  , and qos policy is there on PA also 

Let's say if

Session created by Syn Cookie

Hello,

what process and what is going on if a session (SIP) is created by "Syn Cookie" ?

Is this a valid Session, does this indicate a Problem ?

We configured an App-Override Policy to mitigate Problems between Phone-System and SIP ALG.

We see now all

IPSec site-to-site tunnel not allowing all traffic both ways

I followed the guides to set up an IPSec site to site VPN tunnel between our main office and satellite office using static routing, but I can't access our servers through the tunnel. From the main office, I can access everything on the satellite offi

Block Facebook Posting

Hi everyone：

PA Firewall seems to be unable to Block New Facebook posting.
Does anyone have a way to block it?

BR

Richard

GlobalProtect Xauth for iPhone and Android