NAT and security policies

Hi all.  I am trying to setup a ADFS environment in our network.  The actual ADFS server is located in the internal LAN, and the ADFS Web Application proxy is reside in the DMZ; internal LAN and DMZ is in a different VLAN.  

The goal is to send user a

EDLs

Can we group EDLs?

Once the url is fetched and content is read by the firewall and later the url is deleted, does firewall keep the cache of contents?

can firewall detect redundant entries?

Manage client SSL VPN use

Hi PAN Community,

I work for a school and we have issues with student VPN use - specifically x-vpn, hotspot shield etc. We have rules in place that take care of the proxies and standard VPN applications and have SSL decryption and URL blocks in place

New VM-100 throws error at commit

Hi

We have imported a config from a PA500 into a newly installed VM-100 v8.1 (under vmware).  After having done some VLAN changes to interfaces, we suddenly started to get the below error message when committing:

Can someone point us in the correct d

MAC OS Decryption Issues

Hello All,

I was just curious if anyone has encountered issues with Apple Mac devices and SSL decryption? We have users that are unable to perform an Internet Recovery over the network, but when they are off the network it works for them. This has on

Websense to Palo Alto Web Category Comparison

We are switching from Websence (Forcepoint) web filtering to Palo Alto 5050 Firewall. Does anyone have a "crosswalk" that has been done showing what websense categories line up with what PA categories?

Best Practices for Security Policies with App Default and Custom Services

Hello,

I have been tasked with converting some legacy security rules from app=any, service=custom object to app=app-ID and service=application-default. However, some of our apps use custom ports over known applications, so straight conversion is not

What app id is used for remote access to Windows 2012 Server and Windows 2016 Server?

Hi all,

we've noticed our admin accounts have been locked several times today due to consecutive failed login attempts to our VM-s.

Most likely, these would have gone through the PA firewall.

I wonder what would be the way to filter huge log, other tha

Dual ISP scenario

Hi,

I need to create a dual ISP scenario. This FW has 2 interface with differents ISP. (ppoe)

eth1/2 (1.1.1.1/32)

eth1/3 (2.2.2.2/32)

We would like to balance both ISPs and in the case one of this ISP goes down, all traffic takes the ISP up in that mom

Config, System, Supervisor timing out

I cloned few output prototypes and created my own miner -> ipv4 agg -> output config. I logged off for some reason and now that I login, I am getting timeout error for config, system, supervisor etc. I dont see any config info or indicaters in System

Doubt about 8.1 version source-user logs

Hi,

I just upgraded my firewall to 8.1.0. I was checking the log and i see that now the "source user" in log traffic is the full name machine with $, not the AD user. 

Before 8.1 was: domain/john.english

Now is: xxxx.dom\PCfullname$

Why??? how can we c