Eval question

Given a flow and properly written policy to allow Facebook and its myriad apps/widgets on port 80/443, other than the admin management overhead (i.e., having to open ports 80 and 443), how is what Palo Alto does different from what Checkpoint does?

Th

Counter to identify if device is dropping traffic

Hi Everyone,

I am looking for help to identify the best way to see if my firewall is dropping traffic because it cannot keep up with the amount of traffic going through the interface.  I want to make sure my firewall can keep up with the amount of tra

OpenSSL Heartbleed bug: CVE-2014-0160

Hi,

Just wondering if any Palo Alto versions are affected by this bug in OpenSSL?

http://heartbleed.com/

Regards

What is the default syslog format in PanOS 5.x?

For all the various log types (config, system, threat, traffic, HIP) what is the default syslog format?

All the fields are available to edit in when creating a custom log, but it would be useful to have the default format defined for reference.

external captive portal

I'm thinking about trying something a little out of the square with user-id and captive portal. Let me start with the context and business goal:

• The PAN is deployed as a data centre firewall.
• I'd like to use some policies that permit clients access to

Global Protect 2-factor Auth & User-ID Mapping

Hi All,

I'm migrating from ASA to Palo Alto including user VPN access (AnyConnect).  The setup will be 2 factor authentication with LDAP/Kerberos (not sure which yet) for the portal and OTP via RADIUS for the gateway.

The current setup allows access li

Eval question

Given a flow and properly written policy to allow Facebook and its myriad apps/widgets on port 80/443, other than the admin management overhead (i.e., having to open ports 80 and 443), how is what Palo Alto does different from what Checkpoint does?

Th

Management server restart

Hello

Today I observed that when I try to logon to my PA200 I got error "Connecting to Management Server failed", when I try to logon by SSH "System initializing; please wait...."

After few minuts a was able to logon by browser and putty.

In system logs

Guest VLAN issues with externel services that we offer

Here's what we need to accomplish:

We have subnets on our networks that need to use our external DNS server (they are Guest VLANs for our WiFi networks). This traffic is visible by our paloalto firewall with layer 3 adresses (10.XXX.30.0/23). When we

Inline PA vwire on inside interface of Cisco ASA HA/pair inline

I am currently running a pair of Cisco ASA 5520 in HA.   I want to protect the traffic going inside with an inline wire on the inside interface of Cisco ASA HA/pair as it travels to the LAN.  A pair PA-2020 are configured in Active/Standby with the w

Global Nat

How can you determnine what the global nat address is on a firewall?