File blocking .doc isnt working

Hi,

We have configured a policy for File blocking in order to ask confirmation before download .doc files.

doc file: www.apd.cat/ca/media/2165.doc

This is the policy

When i try to download this .doc file, the browser stuck loading but it shows nothing, t

NTML authentcation for Captive Portal

Hi All,

I am looking for ways to configure Captive portal policy with NTLM authentication.

I have read a good number of PDFs from Palo alto but still unable to understand how do i configure it.

In short i need to know how do we configure NTLM authentica

Can I make dynamic address group using xml in panorama?

Hello,

I want to make dynamic address group using xml in panorama.

But I have not found it out the way.

I guess they are same mechanism who inputing user-id and inputing registered-address when using xml.

As you knew, we can not push usr-id to panorama.

REST XML API- USING ORACLE and Panaorama , Dynamic address object updation failure on Palo-Alto Devices

The Oracle server is making REST-XML API request from a SQL PROCEDURE using the UTL_HTTP package to Panorama server for the below

1. key generation for panorama   [ Successful ]
2. Dynamic object creation on panorama   [ Successful ]
3. FW rule creation on panor

site-to-site vpn from Sophos

IKE coming from a Sophos device is incorrectly identified as application ciscovpn instead of application ike.

Is this because Sophos uses cisco-ish protocol ? All I see in the logs is udp 500...

I'm happy allowing application ike, our other site-to-sit

Ignore usernames that start with sophos?

On our servers we have the User-ID being mapped as companyname.com\sophosCOMPUTERNAME

Sophos is our AV software which uses that account for getting updates. Is there anyway for me to add any names beginning as sophos to my ignore_user_list.txt?

Has anyone had success using Cisco Systems' Private VLANs and Palo Alto firewalls?

We have considered the benefits of Cisco Systems' Private VLANs (RFC 5517 - Cisco Systems)and taken a stab at implemented a test. the idea is that 192.168.2.100 and 192.168.2.101 are in separate private vlans, but may need to talk to each other and w

Alerts for SSN and credit card

Is it possible to alert for SSN and credit card information on inbound and outbound traffic on the PA? If so how easy is it?

DShield top 20

Is anyone currently using this dshield top 20 list subscription? How well does it work/ Is anyone blocking inbound, outbound or both? What is the best way to configure it?

YouTube Safety Mode

Hello,

Right now we are using Safe search enforcement for staff and students.  We allow YouTube for both groups but require Safety Mode to be enabled.  However, we have been running into a lot of issues with YouTube flagging videos as inappropriate ev

Unblock IP address after threat triggered block-ip

Suppose a long time value was set for a threat where one had set the action to block-ip - say 10 minutes

Is there any way via the CLI or GUI to see the list of IP addresses that are blocked due to the threat engine?

Better still, is there a way to clea

How to find active high bandwidth user

If a Palo Alto firewall is experiencing high throughput, what's the best way to find the source user/IP while the high throughput is occurring?

We have all of our security policies set to log on session end, so that traffic log wouldn't help since the

How many security rule supported for PA7050?

Hi guys.

Nowadays I have got a project for installing PA7050 but I confused about the PA7050 how many security rule supported for PA7050. Several months ago, I checked the DataSheet and Compare tools of PA7050 that mentioned PA7050 supported 80,000 ru