General Topics

CVE-2012-4607

Does the Palo firewall (version 4.1.10) with threat update version 351 block vulnerability CVE-2012-4607

"Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary

Who are anyone know what the way stop scheduled log export?

Hello

I configured "Scheduled Log Export" at Daily AM 3:00.

Yesterday, Many traffics went through PaloAlto.

So The PaloAlto Device is exporting logs, still.

Management CPU is 100%.

What does the way stop "scheduled log export"???

Cert authority to use

We got a wildcard cert built off of a CSR from a windows machine.  However attempts to put it on the palo alto device have all failed.

previous tickets on that were a run around between here and go daddy.  PA believes it look all good and go daddy can

user reporting per domain - user.src wildcards

Hi,

we have an environment existing out of a forrest containing 15 different domains, all managed by different admins.

Since we want to inform local domains on their users internet behaviour, but we don't want them to look into the numbers of other dom

Netconnect and Zscaler issue

Hi,

somebody tried to use a cloud based proxy provider like zscaler to use together with Netconnect.ssl vpn ?

The proxy uses AD authentication to make sure the client is a member of....customer. No problem so far.

When the user wants to initiate a Netco

Additional authentication for specific zone

Hello everyone,

Is it possible to request an additional authentication for a specific zone with PAN-OS 5.0?

The requirement would be to have regular userauthenticated through regular ActiveDirectory/NTLM for regular zones. However for very sensitive zo

A general web proxy server deployment with PAN box

Hi All,

I think this topic has been discussed in the past, but I want to be clear about this deployment

since web proxy server design is still typical in many customer's live network. So please allow me to bring this again.

2 basic deployments are ment

Allowing some protocols from any user/port?

I am curious what others are doing for some protocols:  Examples:  DNS, ocsp, STUN, meraki, apple push notification, etc.  It seems to me that these sorts of things could be let go for pretty much all users, anytime and be excluded from the captive p

Blocking pictures with GPS Data

I'd like to use the PA to block pictures that contain GPS exif data in jpeg, tiff, and other uploads to social media sites.  Has anyone done this already?  

Commit failed

Hi everybody,

Device: PA-2050

Firmware: 4.0.1

we are getting this error message when we try a commit.

What is happening when this appears and what can we do?

A rollback to a further config version is not helping.

Error message:

Management server failed to s

Monitoring - source user not shown in log

Although the "agentID client" is installed on one of our domain controller boxes, I find that when using MONITOR log to look at the traffic, it doesn't show the "source user" of whom is currently logged in via Active Directory. Any idea why?

In additi