IPSec Conversion utility for Cisco ASA to PAN 6.1.1?

I have a couple of Cisco ASA tunnels I need to convert to Pan. Each has about 200 lines of config all told. Whether I mark things up in a word processor or enter it in PAN gui - it's going to be a slog. Pausing to ask the community: Might there be a

Hot shield proxy- PA unable to block

we have created the application filter for proxy based apps-140+ apps are in that proxy filter which includes IKE, IPSec, Hot-shield etc except SSL.

This proxy-based app filter is called in the security policy (with block action). In addition to that

How to detect and block Mastodon?

Hello,

We would like to detect and block "mastodon" SNS.

https://mastodon.social/about

Anybody know to do this?

botnet

Hi,

If someone running a botnet inside local network ,is there a way to  get an alert  like siem, from reports ,from live stattistics ?

 what are the steps to identify these kind of traffic ?

Finally how to block them when threshold reaches  ?

Thanks

DTLS Support

Is there  support for DTLS in any version of GP and PanOS? I can't find any mention of it in the documentation.

Thanks.

404 error on proofpoint miner

Any ideas on what to do about this error?

2017-04-21T02:25:37 (28250)basepoller._poll ERROR: Exception in polling loop for proofpoint-EmergingThreatsDomains: 404 Client Error: Not Found
Traceback (most recent call last):
File "/opt/minemeld/engine/0

MineMeld OutPuts

I would like to have the output link set to HTTP only and not HTTPS.  Is this an option.

Geo

Integrating MineMeld with IBM QRadar

Hi,

I am new to minemeld. I went through the documentation for integrating minemeld with qradar. Succesfully added the TAXII feeds in Qradar.

I couldnt see any values getting populated in reference set defined in Qradar or updates shown in threat int

Terminal Server Agent Installation on Windows Server 2016 (with secure Boot enabled)

Hi,

Does anyone managed to install the terminal server agent version 8.0.0 on a windows server 2016 with secure boot enabled?

Unfortunately I only get a message (after the installation) when the service is about to get startet that a digitally signed

Vulnerability Protection Configuration

Hi All

I'm wondering how you all have your Vulnerability Protection set up.  I've got a single profile that I use for both inbound and outbound policies

However, I find that alot is reported, that isnt actually of concern to me.

When I look in to it,

Application Incomplete For One Site But OK at Another

I have an IPSec tunnel with source address NATting to a partner. 443 web traffic from site A triggers the IKE and the IPSEC-SA session. In PAN monitoring the application is correctly identified as SSL and in my browser I pull up the site from the par

VPN Access

How do you configure the globalprotect VPN's so they won't route on the internal network but will only let users access it from outside the internal network