General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Dynamic updates download but not install on HA

We've got an HA pair of 5050s. They both have a job to download and install dynamic updates at 12:00 AM.I've seen occasions where one of the boxes will download but not install the update. They are also set to push a version of the update to the HA peer.I"m wondering if having them check at the same time and try to push to each other is not id...

aglej by Not applicable
  • 2673 Views
  • 1 replies
  • 0 Likes

Resolved! Device Group and Template admins in Panorama 5.0

After upgrading Panorama to 5.0 I can't find the option to limit access for an administrator to a specific device groups or templates in the webgui. In 4.1, it was possible to configure this under "Administrators" in the device tab. This option seems to be missing in 5.0.(see attached screen shot)In the CLI I am able to configure it, but I can't...

torm by L4 Transporter
  • 3119 Views
  • 2 replies
  • 0 Likes

Approach to manage FTP

Based on recent research by Palo Alto there appears to be a greater emphasis needed on managing FTP. What approach have you found most easily to deploy? The two options I can think of are:1. Controlling who can do FTP2. Only allowing FTP access to trusted FTP sitesAny thoughts or ideas appreciated. Phil

HITSSEC by L4 Transporter
  • 2597 Views
  • 2 replies
  • 0 Likes

Resolved! Could M-100 support shared policy of panos 4.1 device?

Hello.I wonder about M-100 could support shared policy of panos 4.1 device or not. I tested about that and M-100 could not sync of shared policy for panos 4.1 device but panos 5.0 device is doing well.Thanks.Regards.

Roh1 by Not applicable
  • 2719 Views
  • 2 replies
  • 0 Likes

Custom URL Filtering

Hi AllI am trying to get customer URL filtering working and it's not making much sense to me.What I need to do is protect the Exchange server by allowing only connections to OWA and not ECP etc.I've created a Customer URL Category called 'OWA Sites' and listed the following as sites (note there are no external URLs to go off as the external URL ...

TDC by L1 Bithead
  • 5245 Views
  • 3 replies
  • 0 Likes

LDAPS TCP-636 shows as SSL

Im creating a rule base to limit port access to a Domain Controller in a DMZ. I want to allow TCP/636 (or LDAPS) to this server as well as a group of other applications.The only problem is that there is no LDAPS application defined. The application LDAP is defined as TCP/389 as it should be. LDAP also has TCP/636 defined but the PA does not iden...

jhickey by L3 Networker
  • 9932 Views
  • 1 replies
  • 2 Likes

Resolved! Policy forwarding question.

An over-simplified explanation of my setup. Trust me, it just has to be this way. ethernet1/1 - Internet 1.2.3.1/24ethernet1/2 - LAN 10.10.10.1/24Nat/dnat/1-1 nat between ethernet 1/1 and 1/2I have a traffic shaping appliance that I need to loop data through BEFORE NAT on the palo.Trust me when I say I just cant stick it between the lan and pa...

Next Generation Performance Testing for NGFWs

I found this video last day which might be interresting for some of you:http://www.youtube.com/watch?v=yxdJNK2YAQU"Next Generation Performance Testing for NGFWs Published on Mar 27, 2013In this video, Jerish Parapurath, Sr. Technical Marketing Manager at Palo Alto Networks, explains why next-gen firewall (NGFW) testing is different from other ty...

mikand by L6 Presenter
  • 2101 Views
  • 1 replies
  • 0 Likes

Tftp brightcloud databese issue

Hi,We tried to upgrade brightcloud version using seed file on support with tftp.After sending file successfully, when try to install it gives an error like : Error decrypting BrightCloud database: This image doesn't meet authentication requirements. It is either an unsupported format, or a corrupt image that can not be safely loaded on the syste...

IPS Evasion

So are the techniques used in the following article realistic?http://www.sans.org/reading_room/whitepapers/intrusion/beating-ips_34137Palo Alto's PAN-OS 5.0 made it a bit harder, compared to the others at least.

mikoba by Not applicable
  • 5710 Views
  • 7 replies
  • 0 Likes

Dns Proxy

Hi,is there a document for configuring Dns proxy function with detailed explanation about properties in it.Thanks

Which CLI modes can be granted to a URL Filtering Profile Administrator without granting full CLI roles?

Which CLI modes can be granted to a URL Filtering Administrator without granting full CLI Admin roles?We want to be able to see which URL Filter profile group a user is in using the CLI commands for showing group membership.We would also want to be able to grep for URL request per user and assigned IP Address.Thanks in advance.PotStirrer.

  • 24397 Posts
  • 123 Subscriptions
Top Solution Authors
Labels