Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4170 Views
  • 0 replies
  • 0 Likes

Dynamic IP lists and FQDN?

The only type of external dynamic list I appear to be able to specify in my firewall policy is a dynamic IP list (not a dynamic domain list). And the formatting of such lists appears to be purely for IP addresses. So my question is, how can I specify fully qualified domain names in a dynamic list usable in a firewall policy?

Resolved! Query -> Data Center Best Practice Antivirus Profile

Hi Community. The below article states that "The Antivirus profile has decoders that detect and prevent viruses and malware from being transferred over six protocols: HTTP, SMTP, IMAP, POP3, FTP, and SMB": https://www.paloaltonetworks.com/documentation/81/best-practices/best-practices-data-center/data-center-best-practice-security-policy/how-to-...

ash83 by L2 Linker
  • 10298 Views
  • 7 replies
  • 0 Likes

URL Filtering Team creating MORE of a risk

Hi all, Does anyone know how to directly interact with the URL filtering team besides urlfiltering.paloaltonetworks.com? I would especially like to reach a manager. I am having huge problems with them. I keep submitting sites on which scanners have found malware (usually after one of my users visits them) and they keep refusing to recategoriz...

SSL DECRYPTION: How to automate URL/domain decryption exclusion properly?

Use case: Our users go through Palo Alto for internet access. The decryption feature has been enabled. When users try to access the internet, it may fail because of the decryption-error. We need a solution to automate URL SSL decryption exclusion and log the excluded URLs for review. Preferably in a dynamic external list or in a custom URL category. These dy...

ingdrame by L0 Member
  • 6035 Views
  • 2 replies
  • 1 Likes

How Palo Alto Networks Identifies GnuTLS Server Hello Session ID Heap Buffer Over Without Decryption

Hi All, We detected Vulnerability: 36926 ID- GnuTLS Server Hello Session ID Heap Buffer Overflow in the Palo Alto firewall. In our customer's firewall environment we have not enabled the SSL Decryption feature. The customer is asking us: how and why is Palo Alto able to detect the vulnerability threat without the SSL? Can anyone assist us on this?

Nono by L1 Bithead
  • 5381 Views
  • 1 replies
  • 0 Likes

PAN-DB Connectivity

Hi, We faced a connectivity issue when we tried to download the URL filtering DB from PAN-DB. As the firewall has an external interface to the internet, we have changed the service route for “Palo Alto Networks Services” to the external interface. However, we are not able to get connected to the PAN-DB. We are able to ping to the PAN-...

Need to Verify traffic.

Hello All, I am using a PA-820, and I only have CLI access to the device. I need to verify traffic from a particular source and destination on the device. Do we have any commands to do that? Maybe something like packet tracer to get all the routes / ACL / NAT supporting. Thanks in advance.

Increased FP's for Wildfire Viruses

Has anyone noticed an increase in the number of false-positives being generated by Wildfire in the last few weeks? I seem to be getting an increased number of alerts for WF learnt viruses on apps that have never caused issues before. Always worried that it is indeed a real alert, but as far as we can tell it's not. Just wondering if anyone else ...

apackard by L4 Transporter
  • 5113 Views
  • 2 replies
  • 0 Likes

Resolved! UltraSurf 18.02

Hi, I'm having some trouble trying to block UltraSurf. First I blocked it with App-ID and everything was OK, until some users of the internal network downloaded a new version to avoid URL filtering. Summary of log: Application: SSL, Category: Unknown, NAT Port: 443, IP protocol: tcp. I can't block SSL or Unknown category because we have an active GlobalPr...

  • 545 Posts
  • 78 Subscriptions