General Topics

Questions about FIPS-CC Mode

Greetings all,

We've got a department on our network using a piece of higher-security software.  The software audit came back and indicated FIPS 140-2 encryption is required when the traffic is going across any network other than ours.

I've started l

File Type "Unknown Binaries"

We just need to know the wildfire file type which is allowed to dynamic analysis.

As I know the following URL described allowed file type for sandboxing but what happened with unknown Binaries ( unknown Extention ) when it classified as an unknown fil

Allow traffic to specified hosts/networks when Enforce GlobalProtect enable

Hi,

I want to use the feature Enforce GlobalProtect for Network Access. 

Outside the company, users must use Global Protect to network access, but when users are on the company site, they should be able to access the local company network.

For that I

Global Protect Multiple URLS for Internal and External users

Hello team ,

I have a  GP cluster Gateway and Portal .

Currently we are using a single URL   : vpn.abc.com   for both Internal and External users .

Now we want to use another URL for External :   Partner.abc.com

so do we need to create a new Portal a

global protect client certificate

Hello Team,

We have a global protect portal and gateways running . GP is currently integrated with AD. The certificate on GP is a wildcard signed by an external CA. Currently no certificate check is being made and authentication is purely on basis of

Globalprotect in A-A

Hi,  I have some question.

If I have configure Active-Active HA and two GP portals with PA-3260.

e.g. fw1's portal : 111.111.111.111

fw2's portal : 222.222.222.222

(limitation of SSL VPN concurrent user from PA3260: 2048 ssl-tunnels)

When fw1,2 are in ope

GlobalProtect VPN Client Welcome Page

Hello,

We had the welcome page for GlobalProtect VPN Client enabled at one point. We recently disabled it but the welcome page still displays upon connect. Has anyone else run into this and found a way to permanently turn off the welcome page?

Upgraded to GP client 5.2 Driver error

I installed GP client 5.2.1 for Win 64bit and received an error about a digitally signed driver... it reverted back to the previous version 5.1.1.. did I miss something. Download the MSI from the Support site.

*Urgent* TCP out of order.

Hi team,

My customer is facing the TCP out of order in pcaps while accessing SMB application. 

He implemented the Zone protection in LAN zone which has Asymmetric path set as global, I changed it to bypass...

Will this resolve the issue...?? why TCP o

Regarding URL Filtering

Hello Everyone,

I am little confused in creating URL filtering policy rule. Does allowing certain url category in the policy block everything else?

For example in a policy from inside to outside i created and allowed url category online storage and b

Pearson VUE - endless frustration with the most horrible company on Earth!!

I sat multiple exams from multiple vendors during the last 2 months and one of them was Palo Alto. All of the exams were the so called "online proctored exams" which are served by the super ridiculous OnVUE platform written by script kiddies during a

Reliability of "name-of-threatid" in threat log searches

When using the "name-of-threatid" to search threat logs I am getting very inconsistent results.

Some signatures are returning properly, while others return blank results - even when I build the search syntax dynamically by clicking on the alerts in t