About oklier

Since you are looking to go to 6.0.5, you may want to look at 6.0.8 since there are more fixes to known vulnerabilities. Also Upgrading your agents to the highest 6 version wouldn't hurt either. I have two serer that run the agent and I usually upgrade one then wait a day or two then the other. That way if one goes south due to the upgrade, it wont take both of them down. Good luck! ... View more

We have seen this before as well. We are on code 6.0.6 and there are notes in the newer code 6.0.8 that refer to automatic fail over with respect to data plane issues. Is a though one so I recommend opening a support case. In our case it was related to the path/route monitoring, the PAN thought it lost path but in reality it did not. ... View more

I just accomplished this with the following DOC: Dual ISP Branch Office Configuration Works great with one VR! we used two different zones forthe two different external ISP's but that just means we had to double up or combine our rules. There were only a few anyway. ... View more

We use 6.0.6 and will go to 6.0.8 for vulnerability issues within the next few weeks. Mainly the following: 73111—Dataplane restarts were caused by a race condition between dataplane packet processes, where the session resource allocation became out of sync between central processing units (CPUs). A fix was added to keep session resource allocation in sync between dataplane processes. 71486—A fix was made to address an issue with user input sanitization to prevent Cross-site Scripting (XSS) attacks against the web interface. 71321—Removed support for SSL 3.0 from the GlobalProtect gateway, GlobalProtect portal, and Captive Portal due to CVE-2014-3566 (POODLE). 71320—Removed support for SSL 3.0 from the web interface due to CVE-2014-3566 (POODLE). ... View more

I would say depending on the size of the environment including AD, I would recommend bumping that number up to maybe two or three. That way if one is not responding or up, you have something to refer to. ... View more

I'm fighting a similar issue on my side especially with users on VPN getting the wrong web-filtering policy. I have not seen the 'unknown' source user, its usually just he username on the VPN without the domain (in my case so this is why they get the wrong policy). Support did provide guidance on this for me, perhaps they can do the same for you? Another thing that just occurred to me, how many user-id agents are you using or are you using the PAN's for the direct lookup? ... View more

I personally log everything so i have a record. Then just off load it to our log manager for archive. Just my 2 cents... ... View more

I am seeing the same traffic here as well. However I coorelated it to the URL logs and it seems to be for advertisements. With the recent Flash vulnerability out there, it wouldnt surprise me that these are 'drive by' downloads trying to happen. If the users are not complaining, its all good in my world. ... View more

Hello i agree with rmovan in that the VM is not great to be put in a the perimeter since you now have exposed your hypervisor to the internet. I know there are VMWare hardening docs, but I think you are asking for trouble since if the hypervisor gets compromised, the firewall is useless. Stay with physical at the perimeter. ... View more

I would say open a support case if the passive device is not getting updated. Sorry we couldnt help more. ... View more

I also have this in addition and the way I do it is by exporting all logs from the Panorama to the log management system and then setup a custom alert from that system. Any log manager or SEIM should be able to accomplish this. ... View more

May want to open a case on the sleep/hibernate issue. As for the message about the older version, the client checks to see which version is active on the firewall, so if its an older version it will always prompt you to download it. So i would say just make the one you are using active. ... View more

I would contact your sales team for a better answer, however here is what the licenses cover: GlobalProtect Licenses I dont have the licenses and we can still use VPN for both site to site and use Global Protect for users VPN access. It doesnt sound like you need it, so skip it for now. ... View more

I setup email alerts for Critical events. That way when one occurs, you get notified of what happened. Since I have over 5 HA pairs, i set it up on the Panorama. Here is what the emails looks like: Subject: SYSTEM ALERT : critical : HA Group 1: Moved from state Active to state Non-Functional Body: domain: 1 receive_time: 2015/01/07 15:22:52 serial: seqno: 155559 actionflags: 0x8000000000000000 type: SYSTEM subtype: general config_ver: 0 time_generated: 2015/01/07 15:22:50 vsys: eventid: general object: fmt: 0 id: 0 module: general severity: critical opaque: Chassis Master Alarm: HA-event ... View more

I still think that blocking that category will resolve this issue. I just tried it with IE11: Or maybe we just need to wait for PAN to update their definitions for this? ... View more