Query on Split tunneling

Hello,

We are trying  to exclude one IP from including routing in split tunneling.

VPN is working, however, I found that when going to 192.168.16.22, still through VPN rather than local LAN.

What we need to setup is ONLY this range, 192.168.0.0/16, wil

Many to many dynamic NAT (/24 to /24)

Is there a way to make a dynamic NAT rule that translates one /24 subnet to another /24 subnet work in both directions and map last octet to last octet? There's a way to do it in Sonicwall so if your natting a subnet to another it will make .20 on th...

Problem with user mapping and GlobalProtect connection

Hello!

The access to GlobalProtect is done using certificates, it works alright, users are authenticated and identified by sAMAccountName.

Sometimes happens that the firewall re-maps the already identified user substituting the sAMAccountName with na

Get security rules from Panorama that are pushed to local FW?

How can I do this?  IE login to Panorama or the local FW and get a list of security polices that are pushed from Panorama in  human readable format?  Similar to 'show rulebase security rules' on the local FW? 

Acitve Passive with different Uplink IP address.

We have two firerwalls at different locations conencted to different vendors via different ISP.

I it possible to have uplink to vendor with same ISP but different IP address in active and passive setup?

Integrate a DMZ with virtual F5 to the PA FW

I would like to add a virtual F5 as a proxy to our exsiting 5220 PA FW. As I have never done a DMZ to a virtual device, I am jsut wondering there a sample scenario or configuration. 

If my F5 was a physical device, I will just assign an IP address to

XML User ID

One of our engineer setup XML to pull the user id and ipaddr mapping, which works with no problem. The problem is he left the organisation and we are not able to determine the source from where the input is coming into the firewall. The log on the PA