https://live.paloaltonetworks.com/t5/Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891 explains how to configure DNS Sinkholing.
In step 3 the anti-spyware profile is added to the security rule that allows DNS traffic.
Does logging (at session end) ne
...
Hi all,
What are you doing with traffic identify as "insufficient-data"?
I know we are supposed to do pcap and trying to identify if then create custom app but ... on real life
Although you have created a rule for denying all, insufficient-data stil
...
I have a highly regulated environment with multiple internal security zones. We need to be able to run our vulnerability scanning solution against servers in separate zones on a routine basis.
It was simple to exempt the scanner's IP from the Threat P
...
Hi there
Im seeing NAT DIPP fallbacks quite a lot relating to a NAT rule, theres does not appear anything not working so im wondering if its somehting that im not noticing work. Ocasionally it feels more sluggish that it should when browsing web pag
...
PANOS 6.05 inbuilt PAN certificate authority doesnt seem to have the ability to generate a certificate with subjectalternate value for UPN (user principal name e.g user@domain.local ).
This is the standard way that Microsoft embeds usernames (UPN fo
...
Hi ,
Runtime bandwidth shows more than maximum egress value ? . What could be the reason
Thanks
Hi, we are receiving these tries about SQL injection but our Palo alto is not detecting it. How can we do that PA detect this SQLi????? we have updated the threats signatures.
Sql injection
GET /ficha-modelo?id=2&entidad=99999999%27%20oR%20%277%27=%27
...
I'm stumped. I've looked through as many pieces of documentation and discussions as I can find and I think I have everything set up correctly, but it's only half working.
What I have is two PA-5050s in Active/Active. I have two routers on the outsi
...
at the right-most column on the 'browsing summary by website/url-category' are the totals in hours or minutes?
I played around on our lab FW a bit but couldn't get this working. Here are my objectives:
- Create a "White List" custom URL category that allows only a handful of web sites. (Working with URL Filtering profile.)
- Log all permits (Working. I got this
...
Good Afternoon
I have a request to look into a way a Level 1 - 2 Support Person can easily bypass a blocked URL. Be it by policy, a custom button on the response page, captive portal, or a combination of whatever might be needed to do so. Has anyon
...
Hello,
I have two questions.
1.How many can I create url-filtering profile on 5050?
2. And I have watched as below output of cli on 3020,
sylee@PA-3020-uquest(active)> show system state filter cfg.general.max* | match profile
cfg.general.max-profile: 15
...
Does Wildfire support the .ace filetype? I've received messages that should have been filtered that have .ace payloads. The message attachments are clearly malware based on virustotal. The message bodies are classic phishing type attacks. I have a
...
I added an exception to a spyware profile to drop all packets and it now says its dropping and allowing the packets how can that be?
reaper
on:
What does ch mean in PA-VM-OS Software?
OtakarKlier
on:
PCNSE Bootcamp
