General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! Policies >> Security

Unsure quite how to phrase my question. Under Policies >> Security: I have a Rule way at the top for McAfee ePO; tcp; port 8443. Settings that I have set are: Source Zone: Trust Source: IP address for a specific internal host Destination Zone: Untrust Destination Addresses: 2 different unique external hosts Application: any Service:s...

Resolved! PAN response to: Attacking Next-Generation Firewalls: Breaking PAN-OS ?

So is there any response available from PAN regarding the topic which you can read below? Like when are updates scheduled to be released, any mitigations you can perform before updates are available etc? Or are they already disclosed (and fixed) over at https://securityadvisories.paloaltonetworks.com/ ? I'm thinking of: https://www.troop...

mikand by L6 Presenter
  • 9350 Views
  • 9 replies
  • 1 Likes

Some Users not Mapping in User-ID

Hi All, I'm currently experiencing some issues with user-id mapping. Some users are not being mapped to IP addresses. Current setup: I have 3 domain controllers - all have Service Accounts with correct privileges. They are also showing as 'Connected'. I ran the command 'show user server-monitor state all' on the CLI and noticed that one of th...

Bocsa by L3 Networker
  • 14940 Views
  • 9 replies
  • 0 Likes

Did Factory Reset a PA-200 and system now automatically reboots in Maintenance Mode

Hi all, maybe someone can help me with this. Just did a factory reset on a PA-200 via maintenance mode (via console) and now system reboots automatically in maintenance mode. I followed instructions from here: https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Factory-Reset-a-Palo-Alto-Networks-Device/ta-p/56029 When I go in System...

Resolved! Applications On Non-Standard Ports

It's perfectly possible I'm being unusually dumb here, but I can't see an elegant way of allowing application usage on non-standard ports - for example ssh on tcp/32777. The obvious way of doing it is to allow a rule that allows appid:ssh on service:ssh-ports (being a service group consisting of tcp/22 and tcp/32777). That works fine, but is ...

visualize custom regions on traffic/threat map

Is it possible to show custom regions with GPS coordinates on the threat/traffic map with the correct GPS coordinates? We have set custom regions for departments with private subnets and GPS coordinates. In the traffic or threat map we can only see a great dot for each custom region. Example: We think, we have the correct coordinates for t...


NAT question when migrating config.

Converting config from Nortel Connectivity switch to PA200. 3 interfaces untrust - public ip - 202.3.41.0/28 trust:private ip - 10.10.10.0/24. dmz-203.4.42.96/28 There is one to one mapping of few untrust ip to trust ips (to access trust ips from outside) and also few one to one mapping from dmz to trust. When translating this to PA200. I can d...

Moving a VSYS from one PA device to another

Hello. Question here: how can we move a VSYS from one device to another? Please note that in this scenario we cannot backup everything and restore on target since target is running other things that need to be running. Any ideas? What are important things? Shared objects? ... etc. Unfortunately I did not find any guidelines.

Microsoft Remote desktop service server with captive portal on PA200.

Hi PA200 PANOS-7.03 Working Production Config: I have captive portal working with local users. Users are in 4 groups (1 to 4). There are 4 url profiles (1 to 4) associated with 4 local user groups. When user tries to go to any site via browser he gets prompted for username/pass. Once authenticated user can browse as per 4 security policies for brw...

Resolved! Global Protect Traffic is being blocked to Trust Zone, after 10-15 minutes I set up the client.

I have an issue with my Global Protect Client when I set up to my PAN Firewall. Version Client Global Protect 2.3.3-5 Version PAN 6.0.8 I have Zone Global Protect that all my users-clients GP are defined, I connect through the Untrust Interface that is my peer. Also I have an IP address Pool defined in my Global Protect Zone 192.168.10.1-192.168.1...

Resolved! Get information on Security Profiles out of PANOS?

Hi all, My team is currently undergoing an audit and one of the requests is for the configuration of the security profiles, including URL filtering, from our firewalls. As we are fairly new to PANOS this has not been requested before. I don't see anything in the CLI reference guide for PANOS 6.3.1, our current version, that would give me thi...

RSKadish by L2 Linker
  • 5960 Views
  • 4 replies
  • 0 Likes

Resolved! Security flaw with GlobalProtect?

Hi, While setting up a computer with fingerprint authentication+windows password, I discovered that after installing GlobalProtect I could circumvent the whole two-factor authentication by choosing to login with GlobalProtect (clicking the GP icon in the login screen of windows, instead of using the "security key"). The OS used was Windows 8.1 x64...

SSL decryption issues with latest Firefox

I'm having SSL decryption issues with the latest versions of Firefox. In Firefox I get the following error when visiting an https site: Secure Connection Failed. An error occurred during a connection to live.paloaltonetworks.com. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der) The page you are trying to view...

dieter_b by L4 Transporter
  • 16653 Views
  • 17 replies
  • 0 Likes

qos report

Hi, How can I generate a throughput report on my untrust interface? And how can I generate a QoS report (like class 1 and class 2 usage for a period of time)? Thank you

sib2017 by L4 Transporter
  • 4320 Views
  • 4 replies
  • 0 Likes