IPSec Tunnel PAN to Cisco ASA - matching for phase 2

Do the proxy ID's on the pan side have to match the ACL defined crypto domain on the ASA? That is - suppose on the PAN side you had for phase II of the tunnel 192.168.1.0, 192.168.2.0 and 192.168.3.0 while the ASA side had only 192.168.1.0 and 192.16

API or script to report bad URLs to PAN?

Is there an ability to post bad URL reports to PAN in an automated/scripted fashion? 

I know the report site exists (https://urlfiltering.paloaltonetworks.com) but it requires a captcha. My goal is to write a script which takes in a (phishing) URL as

Report issue - incorrect data

Hi All,

i have a problem: when my customer generates reports there are problem with data, i see that the usage in one week is less than the sum of two random days in the same week.

example:

Week report: 450.5 G bytes

Day X: 588.3 G bytes

Day Y: 262.0 G b

Recommended MTU for GlobalProtect Gateway

Hello,

We’re experiencing slowness from global connect clients located offsite back to firewall (i.e. 5MBps). Without the VPN client, the user can get up to 60MBps.

What is the recommended MTU settings for GlobalProtect Gateway/interface should be se

URL Filtering from Internet Traffic to Internal Websites

Been doing some searching but havn't come up with anybody doing this and if it has other problems / security ramifications I'm not aware of.

My problem:

We have an employee that is no longer working at our business but there personal computer at home

Palo Alto Updates not passing through another PA firewall

Network setup:

PA3020 E1/2-->E1/1 PA500 E1/2-->Internet.

In PA3020, we have configured the service route to paloaltoupdates through e1/2. Then traffic will reach pa500 e1/1 which will be routed to internet via e1/2. PAT configured on e1/2 which will

Google drive not getting blocked

Dear Team,

As per logs, I am getting drive.google.com is blocked.But actually, I can still able to access it. 

Please advise regarding this issue to get fixed. Give us the proper permanent fix for this issue.

I can block mentioning the specific URL “dri

Block web browsing but allowing other apps.

I need to block webbrowsing but allow other apps which has web dependency.

Trust to untrust - all allowed. But when I deny webbrowsing from trust to untrust other apps like skype stops working.

Requirement is only web-proxy ip is allowed webbrowsing fr