Block SSL urls for BYOD student users- Maintain Cert trust chain

Hello all...

I find myself in a bit of quandary on how to deal with blocking\inspecting various SSL based urls for our student BYOD users.

I realize I need to decrypt the traffic in order to take action on it... but our problem lies with how to deal

Is it possible to export the private key from the forward-untrust certificate to view in wireshark ?

I want to check a specific HTTP request that is send to a webserver and which is currently blocked by one of our vulnerability checks to verify if the signature is correct.

But I need to be able to view the decrypted data on the exported capture, ther

dismiss global protect download link From GP Portal

hi Guys,

well, i m running on version 8.03 and have done all necessary clientless configuration but one thing is a bit weird to me.

-  Once a user log in  via the Portal,  he is able to use or see  the GP download link, has anyone any idea on how to

FTP weird behaviour

Hi,

We realised that our PA is doing something strange with FTP app

We have create and above rule (Servidores a INET 1). All our FTP connections involved should match this rule but we see connections which are jumping this rule and mathicng in another

Skype for Business - Send files

Hi,

Having some issues with Skype for Business and file sending. When i have SSL Decryption on, I cant recieve or send files over SfB (Works when I turn it off).

Does someone know what URL`s i should add to the "NoDecrypt" url list to make it work?

GlobalProtect & User-ID

Hello,

I am trying to find some information on how to configure GlobalProtect with User-ID but haven't been able to. What I am trying to do is to enforce a new policy where when some of the users, who have laptops that aren't joint to the enterprise

GlobalProtect HIP not identifying products.

Hi.

I have two different HA-pairs with GP VPN configured on them. I'm trying to get HIP to work on the client, but I'm running into issues.

First issue is there are a number of applications we're checking for including Dell Kace and Comodo AV Suite a

Group Mapping

Included Groups under Group Include list showing full LDAP distinguished name. Would someone be able to advise how to configure a firewall to display "DomainName\GroupName" instead? 

Thank you

Marek

FQDN object refreshes attempted even after objects deleted

I have pair of 2000 series firewall running on PAN-OS version 7.1.7. we have deleted the below FQDN objects from the PA(objects and policies), but still its refreshing and querying the DNS server through the managment interface. i cannot find any kno