Custom Vulnerability (.DMG)

Hi All,

PanOSS 5.0.10

The following site (amongst others) hosts a malicious file that I want to block: Download Genieo. The file is a .dmg and I want it blocked to my Mac user estate. Rather than block the URL I thought I would give Custom Signatures >

Idle timeout since 5.0.11

Hi All,

We have an issue with our firewall. Ever since we did the update to 5.0.11 a few weeks back our RDP connections from WAN to LAN are timing out after 30 minutes of Idle time. I have checked the server settings And they are fine, the only thing

VPN is UP but no traffic flows through

Hello

I have noticed the issue a few times, when the VPN was UP but no traffic was going through. I had to clear the VPN for the traffic to flow again. Has any one had this issue and is there anyway to stop this from happening again?

When monitoring th

2 site-2-site tunnels between 2 PAN devices

Hello all,

Would it be possible to setup 2 site-to-site tunnels between 2 PAN devices? I’d like to have 2 “parallel” tunnels to split the traffic in 2 different zones.

Regards,

Stephan van der Plas

System Alert: high:Syslog connection established to server

After upgrading the PA4020 to 6.0 we started to receive email messages with subject line: SYSTEM ALERT : high : Syslog connection established to server.  Is this a new feature?  What is the purpose for this and can we prevent this email message from

How do you Commit the configuration of a Panorama to an existing HA Pair of 5060s?

I followed the instructions from “Panorama-Device-Migration-Tech_Note-revB.pdf” using the CLI method to capture the configuration of an HA Pair of 5060 running PAN OS 5.0.11 and paste it to the Panorama running PAN OS 6.0. The Migration Checklist st

Captive Portal Timeout no new Session - Cisco VPN Client

Hi there,

I'm facing the following challenge.

We have various guest users being authenticted via the captive portal after that, they are using their cisco vpn client.

So there is only one session.

And because all traffic is routed to the vpn connection n

Threshold block

I want to block access to the users only if they watch youtube and the bandwidth consumed is more than 500 Mb.

Is this possible. Can this be done.

Need advice whitelisting external network vuln mgmt scanners

Curious what other PAN companies are doing for this? What best practices around whitelisting your own Vuln mgmt internal and external scanners? When we asked PAN support, they recommended adding a new security policy to top, but that's not scalable b

Panorama Virtual Appliance

We're getting ready to migrate from CP to PAN. We have a lic for the Panorma Virtual Appliance. Looking at the doc; 10 or less firewalls is recommended, we have bit more. Has anyone experienced this? Documentation doesn't say why, leaves me wondering

Use of Web Content Filtering for WAN VPN connected PCs?

What would be the best way to go about using the content filtering if possible through the Palo device through PCs that are connected via WAN VPN connections?   The current WAN connection is a split tunnel using a Cradlepoint router.   Is there a way

Firefox SSL decryption issue

We've had PAN kit for the best part of a year and use it for SSL decryption among other things. 

The SSL certs were generated via a CA on our domain. IE, and Chrome work transparently, firefox used to. I know get a "This Connection is Untrusted" page

Custom signature needed to detect "invalid username" response to a brute force login attempt (is it possible?)

Hi,

I'm new to Palo Alto and custom threat signatures. I'm trying to detect invalid login attempts to a web site and apply a time rate. When the user enters an invalid username in the login, the site returns the text "invalid username". Which context