CRL revocation traffic identified as ms-update

Is this an expected behaviour? We where somewhat surprised that the application included this traffic. It includes all SSL CRL traffic (like establishing remote desktop or visiting websites), independent if its related to Windows Update.

IPSEC VPN IKE Phase 1 Goes down after couple of hours

Hi Guys,

Got a quick query. We have implemetmented new pa 3050 firewall in our perimeter. Two IPSEC vpns configured and working fine. We notice, after couple of hours, the Status of first led goes red. but, the second status led stays green. During t

Decryption with Wildcard SSL-certificate?

Does Palo Alto support decryption with Wildcard SSL-cert?

Ref.:
In order to determine if a connection needs to be decrypted or not, the firewall relies on the (CN) common name configured within the certificate and compares that to the security policy.

Global Protect Auto Start

We are looking into adding Global Protect as part of our deployment of newly reimaged computers. Within my company's work environment, we want Global Protect to start up only when the user clicks on the shortcut icon for the application. We do not wa

PA-200 Console Port - What type of cable?

I assume I would be able to use a typical Cisco rollover cable (Serial to RJ45) to connect to the console port on a PA-200 but get nothing.

Am I using the wrong type of cable?

name that security profile

I am looking for a more descriptive name for my security profile ? I have vulnerablity protection, anit-virus, anti-spyware and wildfire included on the profile that I have added to a majority of my rule. currently it is name All PE alert

Force what Global Protect Portal to use

Hello,

Our users will have 2 Global Protect Portals to choose from.

The users sometimes log in to windows with a smart-card and sometimes with a normal AD-account (Username and password).

Not sure if it's possible but can we force what portal they c

Probably a strange question...but Linksys RV082 and PA VPN tunnel anyone?

HI 

Been trying to get a VPN tunnel working between a Linksys Rv082 and Palo Alto. (dont ask...)

But no luck in the testing, i based my PA config on the Linksys Rv082 settings, wich i got from the person that is on the other end, but so far - no suc

why are there duplicated threats (protections) ?

Hello,

Browsing on the list of threats, i see many threats that repeat themself, only with different ID.

What does that mean?

Minimum number of ports in aggreagte interface?

What is the minimum number of interfaces in an aggregate interface, will config commit with a single interface?

Monitor multiple IPs in a PBF rule?

Running 8.0.x on our PA-3020 and PA-220 systems. 

In our virtual routers, we can path monitor with multiple IP addresses and take action on AND or OR conditions, but PBF still seems to be limited to a single IP. I'd love to be able to monitor multipl