CradlePoint to Palo Alto VPN with failover LTE

I have a CradlePoint MBR1400 router at a remote location.  The primary WAN connection is delivered via Ethernet and the secondary over Verizon 4G.  The primary is a static IP and Verizon's is behind NAT.  When I enable NAT-T on the Palo Alto the prim

PAN Agent to FW connectivity

Guys,

we have a PAN agent User-ID version 5 running on the network, all is working fine, but just that
on the PAN agent User ID, I see only one device PA-FW as connected.

The active one, and the standby does not show up.

Is this the right observation, or

Virtual Systems and Active / ActiveConfiguration

I am trying to configure 2 x 5020's in an Active/Active Configuration and the run 2 Virtual Systems

I am facing issues when enabling the Virtual Systems and the configs stop replicating and then I get backplane failures and have to remove the VSYS con

UserID debug Log. high load CPU?

Palo Alto support ask me about send them the debug lof of UserID. I can enable this debug log with my DC in production. There is risk about load CPU in the UserID device (Domain controller). I could do it in production?

thanks

PDF Summary Report (Missing Custom Reports/Widgets)

It has been a few versions since I played with PDF summary reports however, I am currently running version 5.0.5 and in the GUI if I go and create a PDF summary report there is no 6th drop down for custom reports as I remember and as shown in the hel

Suspicious DNS Query - conficker

Hey,

Is there a way for not letting conficker fill up the threat logs? Or an easy way to filter them out? I have 1000+ logs from 1 host on just a few hours and it is getting hard to see the other threats... Even in the ACC, I get a list full of confic

The PA-3000 Series Architecture

Hi all.

I want read about PA 3000 Architecture

But i can't find anything?

Pls tell me where i can find this document!

thanks so much

URL Filtering Exception

Per company policy, we block all online personal storage sites.  However, as always, there are some exceptions.  What is the best way to allow 1 specific user to 1 specific site?  Do I really need to create a separate URL Security Profile for each ex

Can you configure Policy Based Forwarding without knowing the "Next Hop" address?

Hi folks,

I am trying to set up a PA200, running 5.0.6, to use two ISPs and set one set of users to use one ISP and the other users to use the second ISP for their outbound traffic.  My problem is that as these are ADSL circuits, each time the connect

PanDB category Questionable

Name: Questionable

Description:

Sites containing tasteless humor, offensive content targeting specific demographics of individuals or groups of people, criminal activity, illegal activity, and get rich quick sites.

Example Sites:

www.collegehumor.com , w

Security Rules dont match propertly

Hi,

I just migrated from 5.0.3 to 5.0.6 and the user-id is giving problems......... Some rules is not matching correctly.......

I have the rule on top ,deny Twitter application and in the end  i have a rule allowing this traffic.....but the twitter tra

DNS Proxy Errors

We have a remote office using a PA-200 in the middle east. I configured it to use DNS proxy with caching to lower the time for resolution over the VPN tunnel back to our corporate DNS servers in the US. We also have intermittent disconnects due to th

CRL not downloading

Hi,

I have just noticed that my PA-2050 has in it's system logs regular entries as follows:

Failed to get CRL http://crl.godaddy.com/gds1-16.crl

I also get similar entries for every different certificate server I can think of.

Reason I ended up looking a

Multisite vpn question

I am in the process of planning out a spoke/hub type PA vpn setup.  I'm working with the networking team to carve me out enough addresses for each remote site.  What I'm wondering is if each remote site can connect back to the main HQ PA (5000) so I