Disable SSH password authentication?
After I have loaded public keys for administrators on my PA Devices, is there a way to disable SSH password based authentication?Thanks!
After I have loaded public keys for administrators on my PA Devices, is there a way to disable SSH password based authentication?Thanks!
Hi all,Any one knows whether we can just use self-signed cert in Linux VPNC without using the Pre-Shared Secret Authentication? Or it is a must to use the Pre-Shared Secret Authentication?Than
Hi Guys,I have had an issue arise that seems to be related to Dropbox using Amazon's S3 storage. We have had need to allow certain users access to dropbox to upload files to clients and between sites with slow connections. And in the beginning I created a rule that allowed access using dropbox and SSL to the Dropbox Netrange they use. Which was ...
Currently we are running Cisco ASA firewall which is connected to the ISP. When the ASA is connected we get an upload and download speed of 100MBX100MB.Whenever I connect the PA 3020 the upload speed falls to 10Mbps and download speed to 70Mbps. Has anyone experienced this before on a PA platform?
I'm trying to run a report on user activity via the webfilter for a particular user. I would use the GUI but the the GUI is only allowing me the last 500 hits (via a custom report). If I go to the actual monitor and try to export I get a server 500 error. This has led me to the CLI. ftp export log url query "src.user eq '<domain\username>'...
Can "set deviceconfig setting session tcp-reject-non-syn no" or similar somehow be configured at just the VSYS level? ( I know it functions at the device level)So as to provide some VSYS's the ability to process asymetric flows and others not.Regards,
This message appears (email, and SNMP trap) pretty much anytime I run a "commit" on the box. It appears cosmetic, as the GUI on both boxes show them being in synch. (possible latency/delay issues during synchsynch causing this mis-fire?)I noted this was an issue in the 3.x version of code, did they somehow "unfix" this bug? Anyone else experienc...
Hi,Can we run multiple OSPF instances on one virtual router ?In cisco we can run two OSPF processes for example , router ospf 100 router ospf 150 Kind Regards,Sunil
Hello all:I am trying to configure an user in a security policy but when I write the first 4 letters of his username it doesn't appear (screenshoot attached). However, it does appear throug CLI:admin@PA1(active)> show user ip-user-mapping all | match mmlu10.161.34.189 vsys1 UIA idc\mmluque 3516 3516Any cl...
Hi thereIve set up the firewall with a trusted lan for staff and untrusted lan for visitors.I don want the visitor lan to access the staff lan, however the first rule created was to allow webbrowsing, i cloned it and added the visitor source addess to the rule, however anything on the visitor side cannot access any web site.Ive allowed dns from ...
The organization policy is to block ZIP file types.We are having problems with docx file type which they are a ZIP file but in the file blocking profile I can see Paloalto should know how to recognize docx files but we still get dropsi would like to know how this machanism is workingplease review attached file
I write SIEM content (Mostly Arcsight and Q1), I have found PAN to be very effective in identifying adverse traffic. One thing that would be great, that in addition to recognizing the file type such as "file Microsoft PE File(52060)" which is useful as a poor mans DLP, with which I can track whats coming and going, it's only so effective by just...
Found this one recently:http://www.what2code.net/?p=150http://www.youtube.com/watch?v=wPHeAkv8BaEWhere dns is being used to tunnel ssh traffic through and of course there will be ways to bypass things but how is/will PA address this latest finding?(and to be fair pretty much the same bypass exists in other vendors equipment aswell such as Checkp...
Hello,I'm using PAN Agent 3.1.2 on WIN2008 server and somethimes after restart the Ignore_user_list seams to be ignored )user on the lista are still identified by the PAN firewall).Does someone had this problem ? there is way to have an alert or log in case of this problem ?Can we debug PAN agent to see if the ignore_user_list is not loaded ?The...
Hi,Just like to find out if there is a known issue with Palo Alto and Windows 8 for direct internet policy. Currently, we have defined a policy in PA to allow AD user to connect to internet. However, based on my observation, once my notebook goes to sleep mode, then wake up, then login the policy doesn’t seem to take effect. To gain direct i...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 |

