FastPath explain using packet captures

Could someone here with documentation on packet level capture for fast path process ?

Just for better understanding.

"Client cert is invalid to the gateway" error

Hi,

I am trying to setup machine cert authentication, but it appears I am missing something. Local user auth works fine without certificates. Gateway and Portal are on a single 3020 with 7.1. 

I created a local-CA and generated a cert for all windows

Split Tunneling

Is this still not supported on mobile IPSec clients? This is frustrating. Is there any workaround on iOS devices? 

Changing Global Protect Portal Using plist without Restarting Mac

Here are the steps I've tried in chaning the portal Global Protect.app without restarting the Mac:

• Packaged up /Library/Preferences/com. paloaltonetworks.GlobalProtect.settings.plist and ~/Library/Preferences/com. paloaltonetworks.GlobalProtect.setti

NAT Between VR's

Hello.

Despite my best efforts I am unable to get this concept working.

We have 1 x Palo Alto 3020.

It has 2 Virtual routers configured.  Both use 192.168.*.* networks.

I'd like to access a machine in the neighbour VR, from the opposite VR.  As the net

Palo Alto and Polycom Relpresence Issue

Hi All,

Having issue using Polycom mobile.

On our side: No video and audio

On Dialed no: Video and Audio is working

we translate trust network to a specific public address and allow

Policy:

trust network -> untrust to any destination and service.

Untrus

Hostname in user id and terminal server agents issue

We are using dns name for user id and terminal server agents in firewall configurtaion like below

However intermittelnly we are seeing red light on firewall and while checking directly on terminal server agent software, the firewall connection is van

globalprotect fails to connect on windows 10

GlobalProtect doesn't connect on my new windows 10 laptop (64 bit). I tried reinstall/reboot several times, but it didn't help.

The PanGP Service log shows :

21:49:49:463 Debug(1241): Session 1, domain name XXXXX.
(T4740) 05/12/16 21:49:49:463 Info (

GlobalProtect 3.1.4-7 + N600 Wireless Dual Band Gigabit Router (TL-WDR3600) problems

Regards,

 

have GlobalProtect 3.1.4-7 + N600 Wireless Dual Band Gigabit Router (TL-WDR3600).

When using wifi everything is OK.

When using LAN (UTP cable) VPN connection trough GP is interupcted periodicaly for couple of pings and then restored back.

 

Im l

Upgrade to latest 7.0.x or 7.1.x?

Hi,

we are planning to upgrade our 3020 A/P Cluster to latest PANOS (7.0.x or 7.1.x). Currently we are runing 6.1.13.

We want to do more SSL Decryption (Inbound & Forward Proxy). What are you thinking is the best and stable release for 3020 A/P Clust

Inactive session reports

Hello,  is it possible to run a report that shows the elapsed time for a session going outside the network? 

Basically showing any sessions that have been connected for more than 24hours? Most likely not based on default timeouts but just to confirm

T

with session offloaded packet will not go through dataplane ?

how will that packet flow ?
what does offload processor exacly do ? understanding of it
why it needs APP-ID completed

Forwarding lookup in Slow Path is done to get egress zone Packet capture

Could someone help me understand on basis of packet capture how using forwarding lookup egress interface is determined

Thanks In adavnce

Thinking about blocking executable file downloads - Gotchas?

In our environment, we have eliminated the scourge of people being local administrators on computers, with the exception of administrative accounts assigned to some of the IT personnel.  I'm thinking about blocking the DLL, DMG, EXE, MSI, and PE file