Got Questions? #GetAnswers

by ‎05-05-2018 01:54 PM - edited ‎05-05-2018 09:10 PM (13,236 Views)

 

CONNECT | SHARE | LEARN

  

Our Live Community Sentinel, @BPry, responds to a question posed to the community.

 

Question: What is your favorite Palo Alto Networks NGFW feature?

 

Answer: I've got a few.

 

WildFire

While you surely can't rely on WildFire for everything, I get a large amount of alerts throughout the day from users downloading dumb things, or actively seeing SMTP traffic that I can make sure was actively blocked by our spam gateway. It's amazing how much stuff WildFire catches that I act upon on a daily basis, and how much traffic it stops throughout the day so that it doesn't even get onto the users machine. (Pair this with Traps and you have a winning combination!) 

 

DoS/Zone Protection:

It's amazing to me how easy this feature is to configure, but yet it's one of the least utilized features on the firewall when you actually start talking to other Palo Alto Networks customers. Most people think this is some incredibly hard thing to configure, and really, if you take your time, it's stupid-easy. 

 

URL Filtering:

This is a fairly simple thing, but I love it from a feature prospective. I can ensure that any known malicious URLs aren't visited, and get a report everyday of those that did manage to visit a malicious URL. This used to be something that you had to manage another appliance for, and now it just ties right into your firewalls so that you can manage it just like you would anything else. Again a stupid-easy feature, but one where I'll see people with active licenses not understand how it functions and do things like not include a profile in the correct security policies so that it actually functions. (@BPry from discussion here. See what others have to say, too!)

 

Question: Can I use Panorama as a management and a logging device in one box?

 

Answer: Yes, by default, Panorama can be set up as a log collector and still manage devices.

 

Panorama can be configured to be one or the other, or both. @jdelio

For information on exactly how to configure Panorama to serve this dual purpose, please see the following article:

How to Configure an M-100 to Function as Both a Log Collector and Panorama

New year cock walk 800x600

Rooster`s Walk Cycle, 

 
Question: What happened to the chicken who successfully crossed the road? 

Answer:  That chicken was properly secured -- by Palo Alto Networks, don't you know?
 
Fall on through Ignite, visit the Live Community in Booth 304 and get all your questions answered, your ducks in a row, and your chickens safely secured!
 
Screen Shot 2018-05-05 at 7.15.59 PM.pngCome get your security ducks in a row! Secure the road-crossing chickens! vecteezy.com
 
See you there!

Comments
by Abdul.modi
on ‎05-17-2018 03:01 AM

Can I upgrade PAN-OS from version 8.0.3 to 8.1.0 directly?

Or I have to upgrade each version 8.0.3-8.0.4-8.0.5...8.0.9 and then 8.1.0?

by ValentinaK
on ‎05-22-2018 01:39 AM

Hello, colleagues!

I am a new user of the PaloAlto Network!

 

Please say - Where can I ask a question the best way?

 

My question is - Does  the PaloAlto Network have it own settings for Administrative distance? 

Or it has the default setting ? For ex: RIP 120, OSPF 110

 

Sorry for its simple question.

 

Thank you very much!

 

Valentina

by
on ‎06-04-2018 12:07 AM

Hi @Abdul.modi,

 

It is recommended to go to the latest maintenance release to prevent running into snags or issues during the upgrade.

So first upgrade to 8.0.9 (no need to do 8.0.4-8.0.5 ...) before you go to 8.1.0.

 

Please read up on the upgrade best practice guide here :

https://live.paloaltonetworks.com/t5/Featured-Articles/Best-Practices-for-PAN-OS-Upgrade/tac-p/13696...

 

Cheers !

-Kiwi

by
on ‎06-04-2018 12:17 AM

 Hi @ValentinaK,

 

There are several ways to ask a question:

 

- You can do as you did and ask a question below an existing article/DOC.

- You can contact support and ask your question there.

- Alternatively you can goto our discussion forum and ask you questions there.  The forum is very active and both employees and Palo Alto Networks customers are active on the forum :

https://live.paloaltonetworks.com/t5/General-Topics/bd-p/members_discuss

 

As for your question, Palo Alto Networks tries to remain RFC complaint so it will be using the standards you mentioned.  You can of course change the administrative distance manually :

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Influence-Routes-in-OSPF-to-Take-...

 

Cheers !

-Kiwi.

Ask Questions Get Answers Join the Live Community
Labels