7.0.3 upgrade
I am planning on upgrading the PA 5050 os from 6.1.7 to 7.0.3. I have been reading over the changes and I think it would be beneficial to see examples instead of description of what changes are , anyone have any recommendations
I am planning on upgrading the PA 5050 os from 6.1.7 to 7.0.3. I have been reading over the changes and I think it would be beneficial to see examples instead of description of what changes are , anyone have any recommendations
We have implimented Global Protect with radius authentication, username/password and a second prompt for OTP, this works great most of the time. We have noticed that when our users connect from poor WiFi, or internet connections, there are times where connections drops out momentairly. This results in Global Protect disconnecting. The user the...
Hi, How to block ssl vpn and ipsec vpn going from trust to untrust . I suspect few users are using like free vpn services like tunnel beer and hola vpn . How can i search those users from palo alto log. Some users are connected from inside to outside world (for official purpose ) using cisco anyconnect (ssl ) and ipsec .And i don't wa...
Hi, I'm searching for the list of supported algorithms for SSH Decryption. I know it's only for SSHv2. rg S
A customer has been warned about DROWN attack (https://drownattack.com/) on one of its servers. As a server is behind PA I thought there was no risk. But searching through signature database I didn't find anything about DROWN attack. I've also checked all CVEs connected with attack (CVE-2015-3197, CVE-2016-0703, CVE-2016-0800) and PA doesn't hav...
We would like to configure PBF to failover when several conditions are met. For instance, if we can't ping our next hop AND we can't ping some public server(s). The idea being, while our next hop might be pingable, there may be a routing issue in the ISP. Therefore, you want to know to if you should failover based on remote beacons. However, we ...
I would like to know if we can use the same UserID agent software for 2 domains in different windows machines. If we cant do it, we need to know if we can run 2 diferent instances of UserId agent in the same windows machine pointing to 2 different domains.
Hi, Users are often getting the message from google and they are forced to enter captcha "Unusual traffic from your computer network",when i check palo alto it seems very normal . Is there a way to classify or monitor the users who really sending bulk traffic to google . When i capture the traffic from the moment user hit google.com , the so...
I'm looking to tweak the "40015 SSH User Authentication Brute-force Attempt" which currently fires at 20 ssh attempts within 60 seconds - I'm looking to increase that 20 number. For some reason I can't think of how to easily tweak it right now... maybe I need more coffee to join my synapses. Can someone assist?
Has anyone been able to successfully get subsecond failovers to work with active/passive firewalls running dynamic routing protocols such as BGP or OSPF? In our lab testing, it appears we can get the firewall to failover instantly, but then it takes BGP a few seconds to drop/re-establish. Our next testing will be OSPF to see if that helps spee...
We're currently observing something quite interesting:On our highly oversized PA-5050 firewall, software packet buffer 0 is, for several hours a day exhausted. This is the platform (pair that runs in High Avalailability A/P):family: 5000model: PA-5050sw-version: 7.0.4 This is the anomaly: > debug dataplane pool statistics Software Pools[ ...
Hello. Currently we use OSPF as our routing protocol between five locations over a layer two IP Ethernet network provided by telco A. In order to get carrier diverse routes and add redundancy we are adding a second similar network provided by Telco B. We have a single “normal” (not stub or NSSA) OSPF area with a metric of 10 and a single redistr...
This morning our PAs began blocking internal Sharepoint document access with App-ID 36995. The traffic that is blocked is coming from IE11 + Windows 7 clients. I'm not sure why this bash vulnerability is being flagged as affecting Windows servers + clients in this case. Anyone have ideas?
Hello everyone. I need to publish 2 webservers (192.168.23.10 and 192.168.23.11), both located inside my LAN (trusted zone) through 2 different public IP addresses (200.111.111.114 and 200.111.111.115). This is the configuration: admin@PA-500# show network interface ethernet ethernet1/1 ethernet1/1 { layer3 { ipv6 { neighbor-disc...
Hi, can You help with following question?: In my policies i want allow google base searching, but do not allow google accounts,or google apps.
| Subject | Likes |
|---|---|
| 4 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like |
| User | Likes Count |
|---|---|
| 7 | |
| 5 | |
| 3 | |
| 3 | |
| 2 |

