Diffie-Hellman-Groups: Why no brainpool curves?

While setting up a VPN with a Cisco ASA, I stumbled accross the quite small list of DH Groups implemented in PA firewalls.

So I wonder what the rationale was for choosing the implemented groups. As a German engineer working for goverment and other pub

Dynamically extract Autofocus tags

I would like to dynamically extract Autofocus tags with all of it's definitions(HTTP Activity, File Activity, Mutex Activity, Registry Activity, Digital Signer,...) to a csv file, or as a feed using Minemeld.

Nonsense configuration changes from "preview changes"

Hello everybody,

  from time to time, whenever I commit small changes to my PAN firewalls, if I click on the "Preview changes" button I see (beside my changes) a list of items and configuration partials that are moved around, ie custom report configu

Global Protect user id and machines

Hi ,

Is there anywhere that I can restrict that client vpn user "BOB "using the global protect that can connect only once and not many times the same time from different systems like I have users connecting from the mobiles , tablet and computer the

App-id Matching Process

I'm running PA-VM and created with one active rule:

From: Inside

To: Outside

Application: Web Basic Application group (ssl,dns,web-browsing,ping)

Service: application-default

Action: Allow

SSL Decryption is disabled

I'm facing issues browsing to website

SLL Forward Decryption and Spotify

Hi All,

Today I decided to implement SLL Forward decryption. Everything is working great except for one thing, Spotify.  I know what you'll say, "You allow spotify?. Yes, but just for me. With decryption disabled spotify works fine, with it enabled i

Adding sub interface to existing interface

We are currently using our 3260 firewall to handle BGP to our MPLS router.
the connection is trunked through our core switch, Native 200, allowed 200 & 255 (mgt & bgp respectively)

Router 1:

G0/1 10.200.254.3 (mgt)

G0/1.255 10.255.255.129/30
Firewall:

E4 1

How to update the BGP Imports in a Panorama template

I am trying to update the Import values in the BGP parameters in the Virtual Router in a template on a Panorama. My command looks like this:

set template Test-Template config network virtual-router default protocol bgp policy import rules Route-IN-MP

firebase-cloud-messaging app-id additional ports may be required

Hey there,

Here's something that was brought up by one of our teams. According to this kb article cloud messaging also needs these ports.

https://firebase.google.com/docs/cloud-messaging/concept-options#ports_and_your_firewall

I was able to find logs

How to change from category insufficient-content to Private IP address?

Hi Teams,

How to change some intranet website from category insufficient-content to Private IP address?
i already use portal to request change.

but, when i choose category Private IP address, this category is disable and can't be click.

i believe we alre

Panorama 8.0.2 - Buggy???

We have multiple models of FW hardware running primarliy 7.1.9 and it seems like since upgrading to Panorama 8.0.2 from Panorama 7.1.9 that it is almost painful to make changes. It seems everytime we push to devices something fails. Today specificall

Shared Objects in Panorama

Is there a concept of shared objects at multiple levels in Panorama ?  For example, I can have a top level setting at the shared level which says password length is 15 characters and I want that to go to all firewalls.  What I need, is a second share