Windows Updates across a Site to Site VPN

I have a WSUS server.  I have a Site to Site VPN from a PA-3020 at a hosting facility to a Cisco ASA on my corporate network.  The PA-3020 is running 7.1.4.  When I try to run updates from the servers in the hosting facility, it shows as ms-update in

Captive Web Portal isn't working as expected

We're a school and have just started implimenting BYOD for our Students. Along with this is the requirement to Authenticate the users their BYOD devices so we can monitor and filter their web usage.

This is easily done with our PA-3050, or so we thou

Global Protect certificate error

Hi,

We are testing GProtect 2.3.2 version and its not working fine.

Debug GP client shows "WINHTTP CALLBACK_STATUS_FLAG_CERT_CN_INVALID".

The certificate is issued with the Common Name clientvpn.xxx.xxx, and this is the address of the portal.
 If inste

get flood protection

Hi,

İs it possible to protect from ? 

Regards

block specific user social media, google ads, youtube channel,apps store?

Dear all,

my customer have some of this requirments, can palo alto do this stuff:

1.can palo alto block specific user in social media like facebook. example: block user name contains john? or block twitter user?

2. Block google ads?

3. Block specific yo

What is the difference between Firewall throughput and Threat Prevention throughput?

My company has a 100mbps symetric ISP connection and will be purchasing a PAN firewall, PAN-200 or PAN-500.

Is "Firewall throughput" the capacity to sort only on TCP/IP data while "Threat Prevention throughput" is the capacity to sort on the entire p

Panorama VM with Log collectors Eth1 and Eth2

I have Panorama VM, and M-100 as log collectors.

I want to use Eth1 and Eth2 on the log collectors, How can I do that if Panorama is a VM?

Please advise.

Thank you in advance. 

QoS limiting download bandwidth for multiple subnets behind LAN interface.

Hi,

I need to limit download bandwidth for multiple (more than  subnets which are behind LAN interface. They need to have different limit values. I can't believe there is only 8 classes and I am limited to them.

So is this a hardware limitation? Wha

Can Not Registered My PA-200

Hello, I have registered the PA-200 on support web site, and the license is showed correct on the web GUI and on command "request license info", but it still show "device registered: no" on "show wildfire status".

Do anyone know why ? And how can I ma

PA Unable to drop packets for Scan Host Host Sweep towards Internet

Hi

Can someone clarifies if it is a default behaviour on PaloAlto to allow scan host sweep towards Internet?

It is tagged as medium in Threat Prevention but the firewall unable to block it even though the profile is set to strick that block all Threa

Change to HTTP decoder

Did I miss a notice that the http decoder was being changed so that most of my rules based on the web-browsing app would break?  Nearly all of my web-browsing traffic is suddenly being identified as unknown-tcp.

I notice in the release notes for 646

Palo Alto deny All policy reason non-syn-tcp

Hi,

We realised our PA in version 7.0.6 is having any issue with the traffic. We see many traffic being dropped by DENY all rule (the last rule in the rule set). Looking in application we see "non-syn-tcp" in all the connections. 

These denies connec