Re: Vwire and L3 Deployment Decryption

Hi,
I would like to know the way it operates in the backend how palo alto does the SSL decryption in Vwire mode . As in a L3 deployment the connection will terminate on the firewall and firewall acts like a MITM and does the SSL Proxying. How is the c

SSL Decryption Exclude List - correct syntax?

What is the correct syntax to exclude a whole domain, including subdomains and pages from SSL decryption?

Say exclude all URL's from "test.com", would this suffice:

*.work.com

or would i need to include a list like:

*.work.com

*.work.com/*

*.www.work.c

IPsec VPN throughput

configured site to site ipsec vpn between PA 820(head offc)XG firewall (branch offc)successfully. in the head offc we have 100 mbps download , 25 mbps upload speed and brach we have 100 mbps download and 50mbps upload speed. the vpn performance is ve

GP pre-logon for IOS devices

Hello community,

I was wondering if is possible to make Globalprotect for IOS or Android devices to work properly with connect methods other than on-demand, for example pre-logon. Did anyone accomplish this connection method??

Thanks and Regards,

Mar

Name resolution takes too long, diskable name for report [report name]

Hi! We just finished deploying the PA-5260 running PAN-OS 8.0.10 at our edge. Everything works well so far, but we see the log message below in Monitory->Logs->System:

Name resolution takes too long, diskable name for report [report name]

The type is

Palo Alto main and sub urls are different category

I have requested palo alto uel re categorzation team for re categorizing the main url of a site for ex: 

abc dot com.

It has re categorized correctlly by Palo as requested. However I am getting  blocks when I access abc dot com /subdomain

When i try re

Best practice for Palo Alto Uplink

We are looking to deploy our new boxes (PA-3220) in HA in the next few weeks. We are trying to go with best practice methods. 

Currently, we have an Layer 2 ae interface that has multiple subinterfaces. Each subinterface is tagged with a Layer 3 SVI.

Global Protect DHCP config

With our firewall for VPN and DHCP all we configure is under GP gateway/agent/client settings we have an IPpool and address route.  We need to add DHCP option 160 and I don't believe that it can be done on the Palo.  We have never setup a  DHCP relay

VPN Configuration Connectivity Issue

Hi,

I have configured Ipsec VPN on Palo alto.

But when i am trying to ping it cant reach to remote peer ip.

what should i do.What should i check?

Panorama & "Managed Devices" unable to connect

I believe I have set up the Panorama and Firewalls correctly as per a few different KB articles I've read. I've check connectivity between the MGT interfaces, made sure that the attempts weren't being denied due to the fact that "permitted IP's" were