General Topics

Always -on OTP

I have an interesting scenario where I have a firewall protecting an extremely sensitive server and some dedicated users accessing it through another zone. I ran into a situation where only couple of users need access to it when remote. I thought of

Panorama support license upgrade

Hello,

I am just trying to upgrade support license of Panorama VM from 100 devices to 1000 applying the Auth code received for PAN-SVC-BKLN-PRA-1K. It is failing with message "Failed to install licenses. An initial license cannot be applied for renewa

QoS on inter-vsys traffic

We have internet traffic and tunnels terminating on vsys1. While our servers are in vsys2. Traffic to internet or tunnels is passed through inter-vsys routing from vsys2.

Server X which earlier used to be in vsys1 and had qos applied for it tunnel tr

Inbound SSL Decryption

Hi,

I have two questions for folks

1) I have setup Inbound SSL decryption as outlined in the documentation  (Import Server Certificate, Create Decryption Policy, Create Decryption Profile), and expected that when I looked at my traffic log to the ser

Who vets External Dynamic Lists (EDLs)

The Knowledge article on blocking TOR, https://live.paloaltonetworks.com/t5/Featured-Articles/How-to-Block-Tor-The-Onion-Router/ta-p/177648, references a list on panwdbl.appspot.com. This website has a number of lists that can be used to filter traff

Autofocus Minemeld Advantage vs wildfire?

My understanding is that wildfire autoupdates some URL categories within 5 minutes if you have the correct licensing.  With a current wildfire/URL filtering subscription, and without traps on our network, what is the real advantage to autofocus? My u

RSA AM and PA Configurations

Want to know if anyone has configured a PA to use the RSA Authentication Manager yet?  I have seen an RSA document from 2010 that states it can be done.

Guest Access via Captive Portal - problem with page not always appearing

I have set up a guest wifi network with an access point on an ethernet port of the PAN firewall.  The guest wifi network is unsecured.  I am using a web-form to ensure the guests see our logo, terms, and type in the correct password to proceed.

The se

Captive Portal - Terms of Service

I would like to configure my PA-200 in such a way that when the user tries to browse a web site, he is presented with the captive portal. On this page I would like to display a "Terms of Service" banner telling him about acceptable use etc. I do NOT

Captive Portal NTLM and responce page

Hello

Today I configured for one of my zone insted of default-web-form default-browser-challenge.

When I try to open new session on computer that isnt a Windwos AD machine i got:

and when I clicked Cancel:

I'm pretty sure that above message is possible