General Topics

In my PAN firewall, I can see a lot of spyware detection in Monitor tab.

Hi,

I can see a lot of spyware detected by PAN firewall. The threat is like- "Suspicious DNS Query (conficker:xtujyzyo.net)" .

Does anybody knows about this kind of issue?

Replace a panorama managed device with a new device (different model)

Hi All,

We need to replace old PA2020 (PAN-OS 5.0.10) that is managed via Panorama (PAN-OS 6.0) with new PA3020.

Referring to Panorama adminstrator guide 6.0, "How do I replace Panorama or a managed device in the event of a hadrware failure/RMA?"

Questi

Havex Malware

Hi all,

Do you have any information about PAN detection capability for the Havex malware family: http://www.f-secure.com/weblog/archives/00002718.html

Threat vault seems to produce no hits at the moment.

Tuomo

Split tunneling on iOS

Playing around with IPSec VPN on a PA-500 for my mobile users. On iOS, it's working fine with the built in IPSec VPN client, but split tunneling is not supported. I'm wondering if this feature is available if I use the GP client app instead of the bu

Commit fail error "Duplicate user name"

Hi. all..

I Have a question about User-id.

I am configured LDAP setting about PA-2050.(OS Version 4.1.9)

Sometimes I saw the messages about  commit fail error when I set up a user-id through security policy.

The error message is "duplicate user name".

I g

ipsec vpn issue

I configured ipsec vpn with palo alto to checkpoint.

pinging isp:

local/external ip(182.x.x.x) to peer ip(102.x.x.x) ping successful.

pinging local network to peer ip:

local pc(10.10.10.x) to peer ip(102.x.x.x) ping unsuccessful..tracert confirm drops on

Active/active ha config

Hi All,

my req:

isp 1 4mbps(untrust) ->pa 500a->(trust)cisco switch l3a->

isp 2 4mbps(untrust)->pa 500b->(trust)cisco  switch l3b->    same web servers but using  isp 1 &2 public ip's(redundancy purpose) to do static s-nat for web servers

external users

New Flash volnureability! (CVE-2014-4671)

Hello

According to Adobe Security Bulletin its serious volnureability, when we can expects protection on PAN?

At the moment on https://threatvault.paloaltonetworks.com/ I can't find CVE-2014-4671

Regards

Slawek

Requirements to alert an threat

Hello,

is there any possibility to get any information about the requirements for detecting an specific threat.

e.g. there is Signature ID : 13457 EBURY, what is this signature looking for ?

Do I have to decrypt anything on the PA to give a deeper look

PAN GlobalProtect 2.0.3 doesn't work

So, I activated GlobalProtect 2.0.3 yesterday and have found that it fails to connect. The user will click "Connect" and the globe will spin for about 30 seconds then it closes itself and reopen on the taskbar(icon disappears and reappears). I am cur

HA-HA group mappings not passing to secondary PANOS 6.03

Hello,

I have group mappings present on the Primary Firewall, not passing to the secondary Firewall.  Specifically for a new gorup created today.  I have tried the various debug refresh commands on both boxes to attempt the get the seocndary box to pu