About kbe

When people are connected to open WIFIs, Hotel WIFI, Hotspots... you often have the problem that the WIFI Provider is using a proxy and that certs are replaced or som kind of traffic is just blocked or there are more NATs between the connection. So this is a normal "problem" that you might not be able to fix as long as the connection works fine on "normal" networks. ... View more

Maybe this can help you: GlobalProtect 3G issue on Windows 8 pro tablet I had an issue on Win8 when connected with 3G. See the above posting with the solution. HTH ... View more

Maybe the update server you connected to did not hold the update if you checked short after the release of the notification. In wich timezone are you? Did you get the update now? ... View more

The email i recieved was sent at: Date: Tue, 6 May 2014 16:48:15 -0700 Have you checked your update scheduler on the PA for these updates? ... View more

Tried it again. Same situation: no problem here. OS 5.0.11 browser: Chrome no proxy in use I have no other idea than clearing the old log files on your system or check if there are local cached files. Maybe try another browser. HTH ... View more

I do not see it. When i sort by Bytes, last hour, top 25, webbrowsing is on top with 1.0G. After filtering i still see 1.0 G, and when kicking off the filter the order and the Byte count still remains the same. ... View more

Maybe it also helps to keep log usage lower by enabling "log container page only" in the URL Filtering Profile. You could also try to fetch the logs by using the XML API. PAN-OS and Panorama XML API Reference Guide 6.0 PAN-OS and Panorama 5.0 XML API Usage Guide HTH ... View more

As i understand the OP he wants to allow any application as long as it goes to a special (whitelisted) url. So in this case he should use application "any", service "http and https" (so only port 80 and 443) and destination "whitelisted address / address group". It just takes some work to specify the destination address group if there are multiple IP addresses to add. ... View more

In this case you could use address group or address object for the destination in the policy and use app=any, service=80 and 443 ... View more

Seems you should have a deeper look on your rule set and begin to use the features you paid for If you allow any application on port 80 and 443 and only apply an URL policy, you can not controll the traffic in your network. You allow anything that can use port 80 oer 443 (and thats more or less everything you might not want to allow) :smileyplain: The URL filter belongs to the content ID engine while the application "filter" belongs to the APP ID engine. URL filters only check the URL used in the traffic and nothing else. This is matched to traffic to websites accessed through HTTP and HTTPS. So SSH traffic will not be filtered because the SSH might only be used to tunnel other applications and there is no URL to match to. And SSH on 443 is decrypted so the firewall can not see what happens in the tunnel. You have to use decryption to look in the session and take action. If you only allow web-browsing, no one can use SSH to tunnel other application traffic. Maybe you should first try to use application "web-browsing" instead of "any" with service "application-default" or "service_http and service_https" (wit app default 443 is not allowed and needs a second rule but port 8080 is allowed). HTH ... View more

Sorry but i do not have / use youtube safety-mode so i can not check it. ... View more

The problem was fixed with app id 405. Now youtube videos are recognized as youtube base and not google video. We don´t use safe mode but if this does not work at you take a look if ssl decryption is working for https traffic. ... View more

I only noticed that most vidoes i tried are youtube-base and no more google-video now with 405. But i don´t know how youtube-safe works. Haven´t used it / tried it. ... View more

Google is using ssl. So you might need a decryption policy for this traffic to be detected and blocked. HTH ... View more