General Topics

REST XML API- USING ORACLE and Panaorama , Dynamic address object updation failure on Palo-Alto Devices

The Oracle server is making REST-XML API request from a SQL PROCEDURE using the UTL_HTTP package to Panorama server for the below

1. key generation for panorama   [ Successful ]
2. Dynamic object creation on panorama   [ Successful ]
3. FW rule creation on panor

site-to-site vpn from Sophos

IKE coming from a Sophos device is incorrectly identified as application ciscovpn instead of application ike.

Is this because Sophos uses cisco-ish protocol ? All I see in the logs is udp 500...

I'm happy allowing application ike, our other site-to-sit

Ignore usernames that start with sophos?

On our servers we have the User-ID being mapped as companyname.com\sophosCOMPUTERNAME

Sophos is our AV software which uses that account for getting updates. Is there anyway for me to add any names beginning as sophos to my ignore_user_list.txt?

Has anyone had success using Cisco Systems' Private VLANs and Palo Alto firewalls?

We have considered the benefits of Cisco Systems' Private VLANs (RFC 5517 - Cisco Systems)and taken a stab at implemented a test. the idea is that 192.168.2.100 and 192.168.2.101 are in separate private vlans, but may need to talk to each other and w

Alerts for SSN and credit card

Is it possible to alert for SSN and credit card information on inbound and outbound traffic on the PA? If so how easy is it?

DShield top 20

Is anyone currently using this dshield top 20 list subscription? How well does it work/ Is anyone blocking inbound, outbound or both? What is the best way to configure it?

YouTube Safety Mode

Hello,

Right now we are using Safe search enforcement for staff and students.  We allow YouTube for both groups but require Safety Mode to be enabled.  However, we have been running into a lot of issues with YouTube flagging videos as inappropriate ev

Unblock IP address after threat triggered block-ip

Suppose a long time value was set for a threat where one had set the action to block-ip - say 10 minutes

Is there any way via the CLI or GUI to see the list of IP addresses that are blocked due to the threat engine?

Better still, is there a way to clea

How many security rule supported for PA7050?

Hi guys.

Nowadays I have got a project for installing PA7050 but I confused about the PA7050 how many security rule supported for PA7050. Several months ago, I checked the DataSheet and Compare tools of PA7050 that mentioned PA7050 supported 80,000 ru

Site to site VPN with isa server firewall

Dear Friends,

I am facing some challenge, vpn configuration with ISA server firewall. Ph-1 is up but PH-2 is not. when i put the proxy id both side firewall external ip , both Ph is up. when i put the LAN segment like (local 172.30.30.0/24 remote 192.

The Check Point Advantage

3 years ago, we replaced Check Point firewalls with Palo Alto Networks.

Seems this was a huge mistake. We might have to go back …..

The Check Point Advantage

"Palo Alto Networks, a newcomer to security, falls short in their architecture and solutions"

A

Interface Names (for purposes of SNMP)

Is there any way to change the name or description of an interface in the device configuration? We use What's Up Gold to monitor most devices on our network- it walks SNMP and retrieves the default names just fine (mgmt, ha1, ethernet1/1, ethernet1/2