About awarsame

We are trying to let users to have read-only access to Facebook' but not allow them do posting or download anything from it.   We don't have SSL policy.  Can you block Facebook posting with you SSL policy decrypt traffic? Thank you ... View more

Our 3020 PA got updated with new AV definition this morning. Since then it is marking all Flash as Virus/Win32.generic and dropping it for all users. But we are not getting any complains from end users. We tried some sites with flash content and had no problem playing flash video.  It appears the firewall is not really denying it, but logs it as denied.   Has anybody see this behavior and are you doing about it?   It is filling up my SIEM and generating false alerts. thank you ... View more

We recently purchase pa3020s for mainly application control reason and put them behind cisco ASAs.   I set up trust-to -untrust policy which applies to outbound internet traffic. I denied unwanted apps and allowed rest using user group mapping.   that is all working fine and users can access internet with no problem.. well,  last week, I tried to do  the same to default untrust-to-trust policy to the Inbound traffic.  I created a policy that  allowed the DMZ and  remote VPN traffic coming through the ASA and I changed the default untrust -to-trust policy from allow to deny. The result was internet access stopped. No one could access Internet and I had to back the change out. My thinking was that this a state full firewall and for any outbound traffic,  the return traffic should pass through if it matches a established session.    is this not right with PA firewall? do they do statefull inspection or not? thank you ... View more