General Topics

SSL-VPN client can't connect

Have a security consultant that is trying to connect to our PAN SSL-VPN and thinks there is a bug and wanted me to report it.  He was using NetConnect SSL VPN client 1.3.1 with win7 and IE9. They could not get connected and got the following error;

j

Panorama Logging Traffic Flow

Hi All,

Does anyone have any indicative figures of the amount of data that flows from a PAN apppliance to Panorama?

Say a 4050 running at a consistant 50%, and logging everything = xMB/day of logs?

I'm trying to calculate what will be required to have P

Upgrade to 4.0.4 image version failed

Hi to all,

We've two PaloAlto firewalls PA-2020 with 3.1.6 software image version and HA licensed.Both have active gold maintenance support. Last week we tried to update to the last version 4.0.4 and the upgrade process failed.

Step 1

We started with th

How to setup multiple SSL-VPN tunnels

I'm hoping I'm missing something obvious here...is there a good way to support SSL-VPN access for different types of users who require different access and use different authentication schemes?

I am trying to setup multiple SSL-VPN tunnel configuratio

bypassed PAN box using free proxies

We are tested PAN 500 NFR in our lab . Did a search for youtube proxy on google and picked the first listed . Used them and bypassed the PAN box and was able to get to facebook and yahoo mail . I couldn't get to these sites through my browser directl

PA500 split tunnelling DNS question

Hi

Have a PA 500 set up for split tunnelling - so clients access internet locally and all other traffic is passed over VPN tunnel to our office

I have DHCP set up on PA box so clients get primary DNS server (local ISP one) and secondary DNS (office one

FTP-SSL sites stop working

Hi, since the apps-threat update 261-1092 some  FTP-SSL sites stop working with a timeout error.

Iñaki

Gaming devices behind PAN firewall

We are using Capitive Portal for students on our campus. All students' devices including gaming devices get DHCP from a PA2050 and these IP ranges require CP. XBox seems to get DHCP and tries to connect to XBox Live servers, but fails. We don't see t

uid-gids-cache timeout

Hi there,

we use the pan-agent installed on a DC to read out the users of some AD groups. Works fine so far. The only problem we got is, that if a user is removed from an AD group, I will always have to run the "clear uid-gids-cache" command on the de

Cert issue with Captive Portal

We have installed a Comodo wildcard cert on our 2050 for use with the SSL-VPN and Captive Portal.  IE and Chrome are fine, but Firefox always says the it can't verify the authenticity of the cert.  I remember reading in another post that someone had

Permanently cached user to IP

Did a search, but nothing seems to answer my question:

I would like input from more knowledgable folks on the problem described - the permanent caching of a "good" account on computers that are kiosk mode and logged in with "ignored" accounts.  See ex

RDP incomplete session

RDP worked before the installation of PAN 500. Now I'm having an incomplete session on RDP (TCP handshake is dropping). How do I fix this:

760     t.120          DISCARD FLOW  NS   172.21.196.181[4483]/l3-trust/6  (70.159.69.130[2588])
vsys1