A: Packet captures and lots of them. Find a regularly appearing pattern of data that reliably appears in all sessions.
Refine to a signature that’s accurate enough to identify the app but not cause a false positive. Plug this into a custom app config.
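The workflow in the answer above, as an added example that is not part of the original Q&A: it finds the longest byte pattern present in every captured session and rejects candidates that also match unrelated traffic. The payloads, the `ACMESYNC` protocol name and all function names are constructed for illustration.

```python
# Added example: derive a candidate byte signature shared by all captured
# sessions of one app, then check it against unrelated traffic.
# All payloads below are constructed sample data, not real captures.

def common_substrings(payloads, min_len=4):
    """Return the longest byte strings (>= min_len) present in every payload."""
    base = min(payloads, key=len)  # a common pattern must fit in the shortest payload
    for length in range(len(base), min_len - 1, -1):
        found = {
            base[i:i + length]
            for i in range(len(base) - length + 1)
            if all(base[i:i + length] in p for p in payloads)
        }
        if found:
            return sorted(found)
    return []


def false_positives(signature, other_traffic):
    """Return the unrelated payloads that the signature would wrongly match."""
    return [p for p in other_traffic if signature in p]


# Constructed first payloads of three sessions of a hypothetical application.
APP_SESSIONS = [
    b"\x01\x00ACMESYNC/1 user=alice seq=17",
    b"\x01\x00ACMESYNC/1 user=bob seq=3",
    b"\x02\x07ACMESYNC/1 user=carol seq=250",
]

# Constructed payloads of unrelated protocols, used as the false-positive check.
OTHER_TRAFFIC = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n",
    b"SSH-2.0-OpenSSH_9.6\r\n",
    b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
]


def derive_signature():
    """Pick the first common pattern that matches no unrelated traffic."""
    candidates = common_substrings(APP_SESSIONS)
    usable = [c for c in candidates if not false_positives(c, OTHER_TRAFFIC)]
    return usable[0] if usable else None


if __name__ == "__main__":
    print(derive_signature())
```

The resulting pattern is what would go into the custom app config; a larger and more varied set of captures on both sides makes the false-positive check more meaningful.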
Q: How does malware protection work?
A: In Traps, based on behavior.
In the firewall, based on signature and WildFire verdict.
The WildFire verdict is based on the result of sandbox analysis.
Also, many other factors are taken into account, like DNS resolution, malicious URLs, etc.
Q: Why does dynamic updates check fail 1-2 times a day?
A: DNS issue troubleshooting.
Q: Why GlobalProtect Cloud Service instead of hardware?
A: It is a SaaS solution. No hardware to deal with.
Q: Talking about VM Series, can DVM and OpenStack do live migration?
A: No live migration.
Q: Does Traps support Linux?
Q: Will Traps still be available in-house vs cloud after the next version?
Q: What is a tap interface?
A: A passive interface in promiscuous mode.
Q: What does a TAP interface do and how does it work?
A: TAP interface is used to get a copy of all traffic across the designated port. Any interface can be a TAP interface except management. Take a look at Reaper's extensive coverage of tap interface in