Viewing Drop Packets/Log on FW.

Is there another method to view logs/packets that are drop on the firewall without having to do a packet capture. Is there a command that could be used in the CLI to view all drops data.  If anyone know if this is possible please comment.

How to do URL Whitelists?

I am trying to figure out how to do Whitelists for a list of URLs and I am not having much luck.

By default all outgoing is allowed on everything internal.

I have a group of addresses that should only be allowed to view certain websites with wildcard

Allowing "Save" function in a limited Admin Role

I have created an Admin Role for helpdesk users, limited to URL log, URL Objects and Custom URL Category.

However, the users do not get the "Save" Option in their login.

Anyone know which part of the tree I need to allow access to in order to get the S

DNS in IPv6 RA

I think it is time to start the first IPv6 only setups. What I missed in my testing setups was the DNS option in the RA (RFC 6106).

Has anybody IPv6 only setups routed via PA?

Commit error - vsys1 decryption: forward decrypt untrust cert is not configured

Hi,

This commit error: "Warning: vsys1 decryption: forward decrypt untrust cert is not configured, forward decrypt trust cert will be used instead." Means, that i must generate "Forward untrust certificate" or what?

Is it possible to create AD group based authentication for PaloAlto administrators?

Hi All,.

Is it possible to create AD group based authentication for PaloAlto administrators?

If yes, kindly provide the steps for the same.

Regards,

Gururaj

One-to-One NAT - DMZ to inside - how do I make it work?

Folks.

I'm apparently having a particularly stupid day, because I can;t make something as simple as one-to-one NAT work.

Scenario is this.

I have an IP in my DMZ. I have assigned this IP to a particular server which is hosted on my INSIDE (secure) netwo

How do I setup dual ISPs on pa500 with ver 5.0.3 firmware

I need some clear documentation for how to setup a secondary internet connection to take over if primary fails. I know this is done with Policy Based Routing but that is about all I know. I found documentation on this but it was for firmware version

L2 subinterface + L3 subinterface on the same interface

Hello all,

Is it possible to create an L2 tagged sub-interface and an L3 tagged sub-interface on the same physical interface.

For example.

Ethernet 1/6

    Ethernet 1/6.100 --- L2 Interface.    Security Zone "IPS only".      /* this sub-interface will be

i am looking SNMP OID and MIB values

I am looking for SNMP OID and MIB values for monitor CPU, Memory, HA status, and interfaces

Vulnerability in TCP packet

Hi guys ,

Is it possible for PAN to block asynchronous tcp and RST packets to prevent attack ?

Regards,

Bryan