Palo alto starter questions

L2 Linker

Palo alto starter questions

Hi,


I am a starter for Palo Alto. I have a few questions, so any answers on this will be helpful.


  1. What are dynamic block lists and how can we use them?
  2. What is "disable server response inspection" in a security policy?
  3. How to add virus exceptions based on threat ID, because we don't see any database unless we specify the threat ID?
  4. What is "Log container page only" in URL filtering?
  5. How to change the web timeout for the Palo Alto firewall?
  6. Difference between config and commit locks


Regards

Raju Reddy

L5 Sessionator

Re: Palo alto starter questions

Hello Raju,

Please find the answers inline.

1. What are dynamic block lists and how can we use them?

The Dynamic Block Lists page creates an address object based on an imported list of IP addresses.

The source of the list must be a text file and must be located on a web server.

You can set the Repeat option to automatically update the list on the device hourly, daily, weekly, or monthly.

After creating a dynamic block list object, you can then use the address object in the source and destination fields for security policies.

2. What is "disable server response inspection" in a security policy?

This option enforces unidirectional inspection (client to the server), bypassing the inspection in the reverse direction, which optimizes dataplane CPU usage.

3. How to add virus exceptions based on threat ID, because we don't see any database unless we specify the threat ID?

4. What is "Log container page only" in URL filtering?

With this box checked, only the URLs that match the content type that is specified are logged. This feature is meant to reduce the number of logs that are generated (mostly images and other code that you may not find useful). If, however, you do want everything logged, simply disable container page logging.

5. How to change the web timeout for the Palo Alto firewall?

Device > Setup > Management > Authentication Settings > Idle Timeout

6. Difference between config and commit locks

Config lock—Blocks other administrators from making changes to the configuration. This type of lock can be set globally or for a virtual system. It can be removed only by the administrator who set it or by a superuser on the system.

Commit Lock—Blocks other administrators from committing changes until all of the locks have been released. This type of lock prevents collisions that can occur when two administrators are making changes at the same time and the first administrator finishes and commits changes before the second administrator has finished. The lock is released when the current changes are committed by the administrator who applied the lock, or it can be released manually.

P.S.: Most of these answers are excerpts from the Admin Guide or the Help (?) menu in the WebUI.

Regards,

Ameya

Ameya
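A pre-publication check for the block-list text file described in answer 1, as an added example that is not part of the original thread and not Palo Alto Networks tooling. It assumes one IP address or CIDR network per line and `#` comments; the protected networks, the /8 limit and the function name are hypothetical choices.

```python
import ipaddress

# Hypothetical internal networks that must never end up in a block list
# (assumption: adjust to the networks your own policies must keep reachable).
PROTECTED = [ipaddress.ip_network("10.0.0.0/8"),
             ipaddress.ip_network("192.168.0.0/16")]
MIN_PREFIX_V4 = 8  # assumed local policy: refuse IPv4 entries broader than /8

# Constructed sample list, not taken from any real feed.
SAMPLE = """\
# constructed sample list
203.0.113.7
198.51.100.0/24
203.0.113.7/32
0.0.0.0/0
10.1.2.3
not-an-ip
2001:db8::/32
"""

def validate_block_list(text, protected=PROTECTED):
    """Return (entries, problems) for a one-entry-per-line block list."""
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # assumed: '#' starts a comment
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line)  # strict: host bits must be zero
        except ValueError:
            problems.append((lineno, line, "not an IP address or CIDR network"))
            continue
        hit = next((p for p in protected
                    if p.version == net.version and net.overlaps(p)), None)
        if net in seen:
            problems.append((lineno, line, "duplicate entry"))
        elif net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
            problems.append((lineno, line, "prefix too broad"))
        elif hit is not None:
            problems.append((lineno, line, f"overlaps protected network {hit}"))
        else:
            seen.add(net)
            entries.append(line)
    return entries, problems

if __name__ == "__main__":
    ok, bad = validate_block_list(SAMPLE)
    print("publish:", ok)
    for lineno, entry, reason in bad:
        print(f"line {lineno}: {entry!r}: {reason}")
```

Run it over the file before copying it to the web server, and publish only when the problem list is empty.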

L2 Linker

Re: Palo alto starter questions

Hi,

Thanks for the answer.

What is the default limit of rollbacks?

Please let me know if we can change the limit on the number of rollbacks.

Thanks, Raju Reddy

L5 Sessionator

Re: Palo alto starter questions

You can roll back to around the 99th config version from the running config version. This limit cannot be changed.

Regards,

Ameya

-Ameya

Not applicable

Re: Palo alto starter questions

But we are able to load the configuration versions for more than 1000?

I suppose PAN has something called config versions instead of rollbacks, and this can be close to 65000.

Thanks,

Srikanth

L5 Sessionator

Re: Palo alto starter questions

Hello Srikanth, Raju,

I stand corrected.

The maximum number of saved config versions is 1048576, the default being 100.

This setting can be changed from the following section:

Device > Setup > Management > Logging and Reporting Settings > Number of Versions for Config Audit

Enter the number of configuration audit versions to save before discarding the oldest ones (default 100).
