Automation/API Discussions

PAN Perl learning guides

Hello All,Where can I get information related to Palo Alto Perl scripting.?I need to carry out certain configuration using Perl ScriptingKindly recommend books, learning videos etc etc.Thanks,aMit Jp

I need to test my-profile I created with an exception for ID 36809 Sandworm to "block". How can I test this to be sure sandworm is blocked by the firewall ?

Under the vulnerability-protection -> my-profile I creaed an exception for ID 36809 Sandworm and set to "block". How can I test this to be sure sandworm is blocked by the firewall ?

Resolved! SNMP blocking community string value 'public' and 'private'

I would like to ask for some assistance/validation on a signature issue I’m facing right now.The Customer tried to create an App-ID to identify and block any snmp traffic that has the Community String value of ‘public’ or ‘private’, and block snmp pr...

Restrict the user agent on Palo Alto firewall

Hi All We have a requirement to restrict the user agent through palo alto firewall.For example allow web-browsing only from internet explorer 10 and not from any other version of IE or from any other browser like firefox or google chrome.Kindly advis...

Enable/Disable security rules via XML API

Hi all,is it possible to enable / disable an existing security rule via XML API ?Looking at the documentation (both the XML config guide and the api on the firewall) I found no useful informations on this topic :smileysad:thank's !

Resolved! Admin Role request

Hi Friends,Any one have idea about such kind of admin role. i want give a permission to particular admin to only device operation role (like reboot or shut down device ) but i am able to do this please suggest. :smileyplain:RegardsSatish

PreDefined SSN Pattern Match

Hi All,A Social Security number (SSN) CANNOT : * Contain all zeroes in any specific group (ie 000-##-####, ###-00-####, or ###-##-0000) * Begin with ‘666’. * Begin with any value from ‘900-999′ * Be ‘078-05-1120′ (due to the Woolworth’s Wallet Fiasco...

Data pattern for SSN or CC with file type as text/html is matching .dll files

Hi All,In my LAB Test,Here is what I did,++ Created a data pattern with CC (10) and SSN (10) to match SSN or CC++ Under Data Filtering Profile, added the pattern with file type as "text/html" with Alert threshold as 1++ Sent an email with a file "TES...

00284911- Data filtering regex

Hi,I'm trying to setup custom data filtering using a regex data pattern. I'm thinking of adding some numbers for different cards and also the Bank names.Please provide some guidelines on this.thank you,Charles deHeer-Graham

User-ID API

Hi allI am trying to configure a web server following this link Explicit Login via User-ID APIHowever the auth.php doesn't work and I don' see any error message.The web server is an IIS Windows 2008thoughts?Kind regards.

Strange behavior after custom App creation

Hello,My customer created his own app signature: own-ping ( ICMP type 8), and didn't use it anywhere. After config commit it looks that pings are somehow blocked by firewall...Deleting custom app definition solves problem. This is really strange.Do y...

Creating a custom app-id to block SocialMiner admin access

Hi guys, so I need to create a custom-id to block SocialMiner administrative access including the following:http://x.x.x.x//administration.jsphttp://x.x.x.x//results.jsphttp://x.x.x.x/configuration.jsphttp://x.x.x.x/search.jsphttp://x.x.x..x/cmplatfo...

http-req-uri-path limitation

Does anyone know why there is a 7 character minimum when using "http-req-uri-path"?How would you block on URI for the follwing example: http://FQDN.com/abc/dynamicContent01.jspI cannot filter on just /abc/ as it expects min 7 characters and dynamicCo...

Custom Application Signature for only snmp-read

Hi allI have read the "Creating Custom Signature" Tech Note for PAN-OS 5.0, because I tried to create an application that only allows snmp-read. But there I was blocked by a limitation that I need at least 7 bytes.The snmp-payload looks like the foll...

How to pull group of users from Radius server?

HelloI try to find out solution on Captive Portal with Radius and groups of users but finally we stucked with question "how to get in security policies groups from Radius".Is there any other way to authenticate users in Radius server, but according t...

Forum Posts

PAN Perl learning guides

I need to test my-profile I created with an exception for ID 36809 Sandworm to "block". How can I test this to be sure sandworm is blocked by the firewall ?

Resolved! SNMP blocking community string value 'public' and 'private'

Restrict the user agent on Palo Alto firewall

Enable/Disable security rules via XML API

Resolved! Admin Role request

PreDefined SSN Pattern Match

Data pattern for SSN or CC with file type as text/html is matching .dll files

00284911- Data filtering regex

User-ID API

Strange behavior after custom App creation

Creating a custom app-id to block SocialMiner admin access

http-req-uri-path limitation

Custom Application Signature for only snmp-read

How to pull group of users from Radius server?

Create new IpSec Crypto Profile in rest api

Adding managed device in Panorama via terraform panos provider

Cortex XDR File Retrieval

How to check certificate expiration date from API or CLI?

how to retreive predefined Applications from Panorama using Pan-OS-python

Re: Adding managed device in Panorama via terraform panos provider

Re: how to retreive predefined Applications from Panorama using Pan-OS-python

Re: Rest API for security advisories?

Re: PA - can we have an honest discussion about Ansible and PA?

Network Security

Cloud Security

Security Operations

Resolved! SNMP blocking community string value 'public' and 'private'

Resolved! Admin Role request