Mail attachment virus scanning

How can I implement proper mail attachment virus scanning ?

For incoming mail, I have an antivirus security profile in place that should block virusses (smtp decoder), nothing fancy really:

I notice that the PA doesn't filter attached virusses too well

Wildfire Action doubt

Hello,

We do not have license wildfire in some of our devices.

Do you know if wildfire action (Antivirus Profile) would function without this license?

Regards,

dicu

Inspection of 'http-proxy' traffic

My instinct when I read my own title is to tell me to block the app-id type http-proxy as I can't see inside it and it shouldn't be on my network.

However, I have a requirement, mostly due to legacy infrastructure, where all the traffic passing throug

Can Palo Alto be used as a reverse proxy?

We have this scenario that Palo Alto will receive the inbound mail then will be pass to the PMX server(pure message) going to the exchange server. After going to the exchange server, it must be forwarded to the FW but the problem is that the Core Swi

Number of user-ip-mappings supported and user-id agentless buffer question

Hello sirs,

I have the question about User-id feature for 2 topic as below.

1. Number of user ip mappings supported  

As picture below I see difference number of user ip mappings supported between Mgmt plane and Data plane.

I have the following question

SANS Institute - PAN Firewall Security Configuration Best Practice

Just wanted to let you know

https://www.sans.org/reading-room/whitepapers/auditing/palo-alto-firewall-security-configuration-benchmark-35777

Certificate failed to load

Hi all,

We have two PA-4060 in active/passive mode with PAN-OS 4.1.12 (I know, old..).

Yesterday, after rebooting passive device auto commit failed with:

Error: Certificate 'XYZ' failed to load: failed to parse key

and device went to not-ready state.

Afte

ISSUE WITH GLOBAL PROTECT

We have configured One VR-1 only

Ethernet 1/1 is a WAN interface

Ethernet 1/2 is a WAN interface

Ethernet 1/3 is a WAN interface

Ethernet 1/4 is a LAN interface

We’ve created

ETH1-ZONE for Ethernet 1/1

ETH2-ZONE for Ethernet 1/2

ETH3-ZONE for Ethernet 1/3

ET

Would Traps be able to detect and kill this file on the host without requiring any manual remediation?

A customer is seeing infected word files with macro in their network. The firewall is not able to block this file because the macro keeps changing file hash, even with WildFire enabled.

Would Traps be able to detect and kill this file on the host with

En modo mantenimiento no me deja hacerle un factory reset, me aparece typeerror: unpack-sequence

Traceback (most recent call last):vigate,  ENTER=Select,  ESC=Back

  File "/usr/local/bin/mrt", line 192, in ?

    main(sys.argv[1:])

  File "/usr/local/bin/mrt", line 187, in main

    m.main()

  File "/usr/lib/python2.4/site-packages/mrt/ui.py", line 433

Can PA be possible for content inspection after ssh decryption?

Hello,

Can PA be possible for content inspection after ssh decryption?

I looked the below document.

Details on Port Forwarding Inside SSH

This document mentioned the following comment.

"Content and threat inspection is not done on the SSH tunnel session"

I