Threshold block
I want to block access to the users only if they watch youtube and the bandwidth consumed is more than 500 Mb.Is this possible. Can this be done.
I want to block access to the users only if they watch youtube and the bandwidth consumed is more than 500 Mb.Is this possible. Can this be done.
Curious what other PAN companies are doing for this? What best practices around whitelisting your own Vuln mgmt internal and external scanners? When we asked PAN support, they recommended adding a new security policy to top, but that's not scalable because it needs to be updated each time we allow a new service or security rule inbound. Looking ...
We're getting ready to migrate from CP to PAN. We have a lic for the Panorma Virtual Appliance. Looking at the doc; 10 or less firewalls is recommended, we have bit more. Has anyone experienced this? Documentation doesn't say why, leaves me wondering if we should reconsider going to physical device before starting?
What would be the best way to go about using the content filtering if possible through the Palo device through PCs that are connected via WAN VPN connections? The current WAN connection is a split tunnel using a Cradlepoint router. Is there a way to use the Palo device as a proxy?
We've had PAN kit for the best part of a year and use it for SSL decryption among other things. The SSL certs were generated via a CA on our domain. IE, and Chrome work transparently, firefox used to. I know get a "This Connection is Untrusted" page in firefox.www.facebook.com uses an invalid security certificate. The certificate is not trusted...
Hi,From yesterday we have issues with the app categorization. We have a QoS profile defined for youtube with a max bandwith of 5mb.When we browse any https URL the PA appliance categorizes as "youtube-base", with an url categorization of "any":This is facebook browsing We have the update 406-2023, and tried to revert to the 405-2020 and we exper...
Hi,I'm new to Palo Alto and custom threat signatures. I'm trying to detect invalid login attempts to a web site and apply a time rate. When the user enters an invalid username in the login, the site returns the text "invalid username". Which context would I use to search for this pattern match? I read the "Creating Custom Signatures" document, b...
I set ip address 192.168.1.254/24 in the ethernet1 which belong default router in the vsvy1.I try to set the same ip address in the ethernet2 which belong another VR in the vsvy2.When I commit, it will display duplicate address.I just do some lab about vistual system for my client.But I want to sure may I set the same ip in different interface ...
Hi,i can't figure out how to exclude a single IP-Address from tunneling over GlobalProtect. I actually see only the possibility to include single IP's or whole Subnets into tunneling.So what i'm trying to do is to exclude for example the IP 192.168.1.10 from tunneling. But the rest of this subnet should be tunneled. Does anyone know a solution?K...
Are there any "gotchas" as far as going from the later 4.1 versions to the latest 5.0 version that anyone has experienced?
Hi allI user Viber, Kakatalk, Skype on my Android Phone.I sent text msg, voice call bay Viber, Skype, Kakaotalk.But Palo Alto only dectect Skype and Kakao talk I can't see Viber on Palo Alto?Pls help me know why.
HI all. I have the problem with domain users to log in Palo Alto's Portal. I configured as document: Admin Guide v5.0 already. However, It doesn't work correctly, domain account cannot log in. Please support me to fix this problem. Thanks
If an expert could please take a look at a test DMZ zone I'm trying to configure on a PA-500 with OS 5.0.8 and tell me where I've gone wrong I'd appreciate it!I realize it's wide open at the moment, but it's just for personal testing/understanding purposes.DMZ Interface:Static Route:Test NAT (should be irrelevant for this internal test):Test Pol...
Heyi have a problem that traffic does not match to a rulei have this rule"VIP Users" { profile-setting { profiles { file-blocking "Allowed file type-VIP"; } } option { disable-server-response-inspection no; ...
Hi Guys,Have an issue with a pa-500 firewall running 5.11 os. There are 2 problems:1. The system seems to reload every week or so which in itself is bad enough, but when it reloads it is backnto default config.2. A slightly lesser issue is that the monitor isnt showing any of the traffic from interfaces in the sam sec zone even though logging i...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |

