
Configuration Wizard Device

Here you will find content that will no longer be featured across LIVEcommunity. Although the content will soon be retired, it may still be relevant for your needs. For the most accurate and updated information on BPA, please visit the AIOps for NGFW articles.

About Configuration Wizard Device


  When the Report Grayware Files option is enabled, the WildFire Submissions log records an event whenever a file sent to the WildFire cloud for inspection is given a grayware verdict. If the option is not enabled, this log entry is not created; entries are created only for malware files. With the option enabled, the log entry includes details such as session information, behavioral summary, network activity, host activity and more that are helpful in analytics. As a best practice, we recommend checking the Report Grayware Files box under WildFire General Settings in Device Setup.
  Rematch Sessions causes the firewall to apply newly configured Security policies to sessions that are already in progress. If this setting is disabled, any policy change applies only to sessions initiated after the policy change was committed. For instance, suppose we find that existing policies allow file transfers to an insecure network and some of those sessions are still active. If we create a new rule to block them and commit the configuration, the firewall immediately rematches the existing sessions against the new policy. If the action on the new rule is set to deny, it also closes the session immediately.
  Lockout Time disconnects an administrator for a set period before the next login attempt can be made, so that continuous attempts to log in to the system are not possible. Continuous login attempts are generally observed with malicious intent, and the lockout controls this behavior. Use the command "request authentication unlock-admin user" to unlock the admin user. Lockout Time sets the amount of time to wait between login attempts after the Failed Attempts counter is exceeded, to prevent continuous login attempts from a malicious actor.
  A failed login attempt may be the result of human error and can be corrected within a couple of attempts. If this value is set to more than a few attempts, a malicious system may be able to retry the login repeatedly until it succeeds, gaining access to the firewall and control of the device. Setting a low number of Failed Attempts lets users who make typing errors retry the login a reasonable number of times, while preventing malicious systems from trying to access the firewall with repeated login attempts until they gain access.
  Do not forward segments that exceed the TCP out-of-order queue. If the option to forward them is disabled, the firewall drops segments that exceed the out-of-order queue limit. This option is disabled by default and should remain that way for the most secure deployment. Until the firewall receives all of the packets in order, it can’t send them from the TCP layer to the Application layer, so forwarding segments that exceed the TCP out-of-order queue limit can cause extra delay and degrade firewall performance.
  UDP datagrams that exceed the UDP content inspection queue should not be forwarded. If you forward packets when the UDP content inspection queue is full, the firewall can’t inspect the content at the UDP layer, so it may not be able to identify and process malicious traffic.
  Packets that exceed the TCP content inspection queue should not be forwarded. If you forward packets when the TCP content inspection queue is full, the firewall can’t inspect the content at the TCP layer, so it may not be able to identify and process malicious traffic.