General Topics

Google Drive Sync client with Decryption

There seemed to be a work around in the past where you could launch googledrivesync.exe with a --unsafe_network switch that would allow it to deal with the decryption because they seem to have their own preloaded set of CA's the client trusts and doe

Web GUI Font Readability Issues After Upgrading to 7.1

Since upgrading to 7.1 I've noticed that the new font used in the Web GUI is very hard to read.  In many places it appears squished and just looks wrong.

In the list of what's new in 7.1 this is actually touted as a "font update" but it sure seems li

PA-500 Throughput

The PA-500 datasheet indicates that the maximum throughput for traffic being filtered by App-ID is 250Mbps

https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/pa-500/pa-500-ds.pdf

What it doesn't say, is what if I just have

Decryption causing more sites to fail

Just floating this out to the community. We have had decryption enabled for the past 2 years. In the last 6 months we are adding a new site to the no decrypt category about once a week. We are up to 94 sites that it can't decrypt. Yesterday it was Of

ACC Behaviour

Hello everyone!

I've got a question about the behaviour of the new ACC in 7.0 and above.

I can apply a global filter for the action of deny.

When I do this, the graphs show no data, even if I click refresh.

If I click 'jump to logs' with the

show counter global filter category flow aspect dos

Hi,

Below is  output of  'show counter global filter category flow aspect dos' 

What does it mean by value and rate . Does it mean '143291' packets dropped ?     

PA blocks outbound port 10443, doesn't show up in logs

I have and external website that I need to access on port 10443: https://<public IP>:10443. The connection never completes and times out. 

If I pull the PA FW out and throw in an ASA, works just fine. The logs on PA don't even show port 10443 being

SMTP weird characters

Hi everyone!

My client's SMTP traffic goes through ASA and Palo Alto and some other network application devices such as proxies and stuff.

At some point, the SMTP message gets some SMTP characters added.

I removed ASA ESMTP inspection just in case, and

incomplete and ddos drops

Hi

The following report shows incomplete

Database: Traffic Log
Columns: Source Zone, Source Address, Source Port, Destination Zone, Destination Address, Destination Port,
Application, Bytes
Query Builder: (app eq incomplete) and (port.dst leq 1023)

but

Importing device into Panorama with shared objects

Hello

I would like to import device into Panorama with all objects as shared into Panorama. I read the below line from PA documentation 

Is it possible to set Log Forwarding profile on ALL existing policies

So, we have been handed down a new requirement that ALL traffic logs must be forwarded to a new syslog server. I've created the server profile and log forwarding profile on my firewalls. My question is:

Is there an easy way to add the log forwardin

IDS/IPS Replacement Product?

What Palo Alto product represents the modern replacement or incarnation of an IDS/IPS?

Download of Panorama for VM-Series Base Images

Dear PA,

Is there any release of Panorama for VM-Series Base Images available to download? If yes, where and how.

I need it to run in the VMware workstation player to test. 

I didn't see the in the software  Updates of my account. 

thank you.

r

Source IP address is set to "none"

Hello All,

Lately I am noticing some polices that the Source IP address set to none as shown below can anyone let me know if none act like any or not?

I think yes as I created policy from Noc_OSS zone with IP add 192.168.*.* toward Default zone wit