DoS applictation attack to DNS server - how to prevent, and how to create report showing IP addressess with the highest number of session (not bytes) opened to it

From time to time I observe a lots of DNS queries (not UDP floods) from Internet to my DNS servers. Unfortunately those queries have negative inpact to my old firewall (it can't establish so many sessions, which makes the network stops).

Probably my D

PA acquires stealth mode startup Morta

"Morta Security is a stealth-mode start-up developing a new paradigm to counter advanced cyber threats. Traditional layered network defense is broken and Morta is poised to turn the tables on advanced attackers. Led by executives and engineers from t

Cisco VPN Client syslog to user-id agent

Hi,

We are trying to have Cisco ASA VPN server to send syslog message to kiwi syslog server.  The kiwi syslog server uses the vbscript to feed vpn username and vpn assigned ip address to user-id agents.  The cisco vpn client log-off message does not c

Benefits of using DNS Proxy?

Are there any Security benefits to using the current implementation of DNS proxy on the PAN? I have seen on the ver 6.0, a new feature called DNS sinkhole, but I don't think it will require the DNS proxy feature. Watchguard checks DNS headers and a c

Custom Report

Hi all

In user activity report there  Browsing Summary by Website and i need to use it in custom report instead of Full URL description as the report

Regards

Problem with ssh decryption after SSH server upgrade

After upgrade ssh server to OpenSSH_6.4p1-hpn14v2, OpenSSL 1.0.0j 10 May 2012 I can't connect to this server when using ssh decryption on Palo Alto.

Before ssh server upgrade, decryption was working correctly and I could connect and decrypt ssh traffi

Custom APP-ID

Hi,

I'm trying to create a custom APP-ID for nearmaps.com. However, cannot get the monitoring to identify the traffic. Following is how I created the APP-ID,

captured the header information from HTTPFox on Firefox. Refer attached screenshot

Im not sure

Monitor session end reason

Hello,

How to check what was the reason behind session end? I mean it could be RST, FIN or timeout from firewall.

Regards,

ifpilm

Tunnel Monitor Configuration question

Operation CommitResult Failed
DetailsIPSec tunnel #NAME enabled tunnel monitoring while binding to tunnel interface tunnel which has no IP address assigned to it yet.

I receive this error when configuring a tunnel monitor to the IPSec tunnel. I'm guess

IPSEC Tunnels and HA Failover

Hello,

In a scenario with two palo alto firewalls where the active firewall fails over to the passive firewall, if there are IPSEC tunnels established are they suppose to automatically come up on the second firewall when the failover occurs or do we

dynamic address group

Hi,

when adding an dynamic address gorup with a lot of criteria(each or criterias not and)

is there a way to learn which criteria related to which ip address.

when using command " show object dynamic-address-group all" I cannot understand which ip is re

VPN to dynamic (ddns) destination

I have a VPN setup to a destination that using ddns to keep the hostname across IP changes. This works fine as long as the remote end is initiating the tunnel, but it seems the PA cannot be configured to be able to also *initiate* the tunnel:

When the

SFTP Timeout

We are experiencing a timeout across SFTP; while SSH seems to be set to timeout at 120 hours, SFTP transfers are timing out at the 1 hour marker.

Is this an expected result? And if so, can we adjust the timeout for SFTP specifically?

Thank you.