About pulukas

This is not a current feature in Global Protect. I would create a shortcut to the shared login script location on the users desktop that they can run after the connection is made. You can submit this as a new idea on the knowledgebase site for future releases. Knowledge Base Choose the "Create an Idea" link on the bottom left. You can also contact your sales team.  They can search the pending ideas and add your vote if this is already in the system for enhancements. ... View more

Currently you can only subscribe for updates on security advisories and content updates on your support portal profile. You can submit this as a new idea on the knowledgebase Knowledge Base Choose the "Create an Idea" link on the bottom left. You can also contact your sales team.  They can search the pending ideas and add your vote if this is already in the system for enhancements. ... View more

The PA firewall is also able to continue to use the last downloaded dynamic updates as well. ... View more

As dill mentions, be sure your use case is one for the Active/Active cluster.  These add a significant complexity to the deployment.  They are NOT about adding capacity.  A cluster is there so primarily so that if one firewall fails traffic will still fully flow.  This means that even in an active/active deploy EACH firewall should be able to carry the full load of traffic. The primary use case for Active/Active is when the network design requires permitting asymmetrical traffic flow. The secondary use case is where dynamic routing protocol peers must be maintained through the inactive firewall for the network design failover. If you don't need these conditions, then deploy in active/passive mode. And when you open tickets even if you meet these approved use cases, you will spend the first part of every conversation up the support chain justifying the Active/Active deploy is necessary.  So be sure that it is. With the ssl and site-to-site vpn you do need to use floating ip for the failover and operation to work.  You cannot use arp load sharing and maintain a tunnel end point. Have a look at the active/active tech note for the details, this is old but still the most complete document on the topic.  Note how the configuration of nat, session handling and session ownership are handled in the Active/Active cluster. Configuring Active/Active HA PAN-OS 4.0 ... View more

I'm surprised to see this crop up.  There were HA issues in 5.0.10 and the release notes for 5.0.11 note the three HA bugs fixed by this release.  You may have run into a new bug with this issue. PAN-OS 5.0.11: Addressed Issues You may want to open an ticket so it can be examined by support to confirm if this is a problem or not.  And if it is get it into the bug fix chain. ... View more

If I understand you situation correctly, you do need to change the application from "any" to "web-browsing" for this rule.  You seem to want to only permit web browsing with your url policy on ports 80 and 443.  This would prevent then ssh on 443 being permitted by this rule. For the port 8080 web sites you can do the same using the application web-browsing to prevent other uses of the port. ... View more

Reverse route injection is a Cisco proprietary method of getting vpn routes into OSPF for distribution.  This feature takes routes generated by interesting traffic acls on a cisco vpn and is able to "inject" them into OSPF for distribution. The feature is not available in PanOS ... View more

Automatic backups from Panorama are also available in 5.0 and 5.1 trains. ... View more

Usually these issues appear as our network appliances like PAN firewalls become victims in the browser wars.  New versions of browsers will break web portals and access on our network gear. In IE you can always try the "compatibility" mode button to see if that fixes the issue. Other options are to roll back browser versions or upgrade the PANos version to get the latest browser fixes. ... View more

On the affected device take a look at system resource usage for the management plane. How to Interpret: show system resources Troubleshooting Slowness with Traffic, Management, or Intermittent SSL Decryption ... View more

Did your upgrade create a second gateway (multiple gateway) or an internal gateway? These both require a license. GlobalProtect Licenses ... View more

I don't know of a way to automate log backup, but you can export them and copy them off the firewall as outlined in the document below. How to Export Logs ... View more

I have not seen an op script feature in any roadmap presentation yet. ... View more

PanOS does not yet support op scripts on the cli. But you can use REST api from web browser for scripting fucntions PAN-OS and Panorama 5.0 XML API Usage Guide Video Link : 1024 ... View more

Go to the url db checker and request a category change. http://urlfiltering.paloaltonetworks.com/testASite.aspx ... View more