URL filtering https pages

I can’t seem to get this working. I’m trying to block bbc I player but neither url filtering or APP-ID does the job.

Do I need to enable ssl inspection to block https pages?

I have tried with httpvshttps.com for example and I can block the http version...

HA active/passive OSPF design

Hi,

   Following topology is from PAN's design guide for A/P OSPF setup.

I wonder if it brings any benefit to connect firewall1 to Edge Router B and

Firewall 2 to Edge Router A with additional cabling run OSPF there too.

   The only thing I can see is th

Aperture License, Box Question, and Duplicate Security Control Rules for AWS

I am supporting an Aperture account and when I go to Settings-> License Info, it says "The license information is being updated.".  It stays at that and never display any other detailed information.  Is this an issue or what might be causing this?

Se

Allow Teamviewer both inbound and outbound

Hi

In PAN-OS FW we have user based authentication enabled. Now i found teamviewer is not working. I have allowed PORT 5938, 80 & 443.

Thanks..

Assigning security profile to multiple security rules

Hi,

  when you have 100-200 security rule and need to assign a threat security profile to all the rules, what do you do?

Does anyone know an easy way of doing it? I can either script it via XML API but there should be an easier way I think.

thanks.

Best practice wise, which ports do we open on our AWS instance for our TRAPS ESM Server?

Best practice wise, which ports do we open on our AWS instance for our TRAPS ESM Server?

We currently have SQL and HTTP opened with Security groups in AWS for our two offices. This of course doesnt allow users in the field to get TRAPS updates unless

Custom Category block per default

Hi

When I create a custom URL Category, it is automatically added to all URL profiles with action set to "none".

Can I set this default action to "block" - that means, the new URL category will be automatically added to all URL profiles with action se

GlobalProtect - Authenticating using trusted domain credentials

My company has recently configured Active Directory/Windows Domain Trust between ourselves and another domain (we have recently merged as a company).

Our users currently authenticate to GlobalProtect using LDAP linked to our domain controllers. Is it

Forward Trust Certificate greyed out

Hi

I have an enterprised signed CA Certificate and also intermediate certificate. But when I install either of these, it shows that cert is valid but I cannot mark the check box for Forward Trust Certificate. It is greyed out. I can only add self sign

Global Protect IP assignments

Its seems with the 4.1.4 client then when a user connects and gets an IP address that the client remembers the IP.  I have an issue where that has happened, but the user got it out of the wrong pool and I can't seem to find a way to get it released.

Captive Portal on second firewall

Hi community

Most of you know about the captive portal feature on paloalto firewalls, to get user-ids for not yet somehow authenticated users. All this is also well documented exept this situation: 

I was wondering if it is possible to configure the c

About side scrolling in the UI

Hi. I'm used to do side scrolling in Chrome by using this combination: shift + mouse wheel.

But when I try that (for example in the Policies tab) i get "diagonal" scrolling.

I think that current implementation of scrolling relies on javascript. You s

Mac OS High Sierra Virtual keyboard problem

I use Mac OS High Sierra 10.13.6 (17G65) and GlobalProtect version 4.1.2-11. I use an Apple Bluetooth wireless keyboard and track pad.   I have a physical disability and use the virtual keyboard that comes with Mac OS High Sierra.  GlobalProtect is p