General Topics

Resolved! Access to Palto Alto beta / early availabilty program?

So I see over on Issue in the syslog message format in Palo Alto 6 beta 1 that PANOS 6.0 is in beta... how do we as customers request to be in PA's beta program? I was totally unaware that PANOS 6.0 was being worked on.

Detecting / mitigating Cryptolocker

Hello,my customer is worried about Cryptolocker infections in the network - CryptoLocker Ransomware Infections | US-CERT. Do you happen to have any best practices or general tips on how to use PAN tools to detect and prevent Cryptolocker from infecting hosts? Cheers, Tuomo

Can Nested Groups be used in the PAN (when using Group-Mapping)?

Hello, We are on PAN-OS 5.0.8 and use PA-5050, PA-5060, PA-200 (test boxes) and PA-3020's. We use the User-ID Agent running on VM servers. I have a couple questions, 1) When the PAN "loads" the group membership from our LDAP instance... we get the users that are part of the AD Groups we have "Group-Mapped"... Which is good and as expect...

Resolved! pdf summary report

I am having trouble finding how I would run a pdf summary report for a specific time period. If you click the summary report and then the date it generates for that day.Am I able to do this for the previous month?Thanks

Resolved! Using Regex search in Monitor Tab

I want to make a search string with regular expression in Monitor tab --> TrafficLike that ( addr.src in (192.168.*?) ).If I have any miss syntax, please help me.Any document for Regular expression for searching in pan, please show me

Resolved! Is there way that application-override for icmp??

Hello Is there way that application-override for icmp base application as ping , traceroute ??I would like to bypass from L7-Engine.Thanks

Resolved! How to setup SSO on a Microsoft Surface PRO

Hi,We're using GlobalProtect client on many workstations. GP Agent is configured in SSO mode. This work flawlessly on Windows XP, 7, and some Windows 8 Pro PCs and tablets.I just got a brand new Microsoft Surface Pro running Windows 8 Pro 64 bits. For some reason, SSO won't work with this tablet. It looks like credentials are not sent to the GP ...

I'm having a problem with Canon printers communicating with an external IP (Canon site).

I'm having a problem with Canon printers communicating with an external IP (Canon site). They are trying to communicate to a particular IP on port 443 (simple, right?) but they aren't contacting the destination. I checked my Palo monitor and didn't see anything wrong but I thought I'd create fresh rules just for these printers. So, I've setup...

Resolved! Using Virtual Router

Hi all,Having a paloalto with multiple VR and subnet overlapping ( having multiple interfaces / Sub witth same subnet).EX: Int1 - IP: 10.1.1.1/24 - VR1 Int2 - IP: 10.1.1.1/24 - VR2 .....It works but does anybody knoes how: For management services, specify one VR or another. You can choose per IP but not per VR / Interface ? F...

How to disable the use of SSL compression on HTTP-TLS interfaces on the device.

Dear All,Please help me on this issue. The IT Security Audit team has scanned the PaloAlto Firewall PA-2050 and they found this vulnerability:*********************************************************************************************************62565 (1) - TLS CRIME VulnerabilitySynopsis:The remote service has a configuration that may make it ...

Resolved! Monitoring VPN tunnel by email

Hi all,Is there an effective way to send an email alert if a VPN tunnel is down? I checked several places in the web admin UI but could not find a good way to configure it.Thanks!PM

Securing IPSec VPN tunnel

Recently we are planning to roll out potentially hundreds of IPSEC VPN tunnels at our customer locations to access our own remote devices securely over the Internet. However, we don't have good control of physical access to these remote VPN devices managed by us and I don't want unauthorized access to our trusted network (in separate security zo...

Resolved! LDAP Server failover

Hello there.I configured two ldap server in one server profile like below, but it was failed to authenticate from second ldap server when first ldap server had gone down.When configure two ldap server in one server profile, how does failover work?Thank you.

Weird thing custom report

Hi there,One of my custom reports is Top Users Last Month. The report gives 500 top users sorted by bytes. It worked just fine every month for almost a year now. For the last month (november 2013.) there is one user with over 2.6 milion terabytes of total data. Something strange happened when PA calculated total bytes which resulted in this enor...

How to monitor and alert on sessions

HI,I was wondering if anyone has done session monitoring on the network and management interfaces and then alerted as of when a threshold was breached?I would like to do this for TCP and udp sessionsIf you have what network monitoring solution did you use?

Discussions

Resolved! Access to Palto Alto beta / early availabilty program?

Detecting / mitigating Cryptolocker