General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

User identification (AD)

Dears,We have PA2020 implemented (w/ HA) and sometimes the user identification doesn't work well.In the picture below we can see the following scenario1st line - PA2020 doesn’t relates my IP w/ my user and I got blocked accessing youtube.com (rule “Block R Sociais, Videos, Audio”)2nd line - PA2020 doesn’t relates my IP w/ my user so I could only...

Resolved! Allowing Skype through the PA

We have a business group that wants to use Skype. I am very concerned about allowing unknown-udp or unknown-tcp ports out through our PA. Has anyone allowed Skype through their PA and if so, can you offer any suggestions as to how to do it securely?

Resolved! Unable to install Applications / Threats 360-1705

Hi all,Is anybody else having problems installing Applications / Threats definitions 360-1705 please?One half of my HA pair of PA-2020s has installed this OK but the other has not. The install and push completes OK but the active version remains at 359-1703.Both devices were running OS 4.1.6 but these have both been upgraded to 4.1.9 today. I ...

DavePalo by L4 Transporter
  • 4161 Views
  • 4 replies
  • 0 Likes

Resolved! Mega service

Is programmed a content update during next week for the new application mega (mega.co.nz)? Right now the service is recognized as ssl, web-browing and unknown-tcp and becomes urget its new calssification due to the high bandwidth consumption and downloading legal issue. Brighcloud classifies correctly as personal storage but an application-based...

NGS_SOC by L3 Networker
  • 5752 Views
  • 6 replies
  • 0 Likes

What to do with Large Logfiles

I have two PA4060s and Panorama on our internet border. I need to retain logs of all outbound traffic for at least three months. After watching the log retention on Panorama for a couple of weeks and running the debug log-receiver statistics command, doing calculations from it, and by watching the amount of data stored and knowing the size of ...

djr by L4 Transporter
  • 4340 Views
  • 4 replies
  • 0 Likes

Resolved! Panorama Logging Backfill

I have had to upgrade both my firewalls and Panorama from 4.1.9 to 4.1.10 about a week ago. I updated the firewalls and subsequently cleared the logs for them, however, I failed to do that with the Panorama. Yesterday, I realized this important missed step and subsequently went to export the current logs. The transfer finished this morning and I...

dhill6 by L1 Bithead
  • 2651 Views
  • 1 replies
  • 0 Likes

Resolved! All user activity for last 30 days

Hello,I've done some searching and also have engaged support but I believe I've hit another black mark for our PA. Has anyone figured out a way to get all user activity for a certain frame exported?I need simply:userDate/timesite visited (full url, not IP)bytes transferredThe user activity report only shows blocked activity for me, I need allow...

mlaporte by L1 Bithead
  • 3600 Views
  • 2 replies
  • 0 Likes

Resolved! Creating Custom Applications

Greetings,Am I missing something, when creating a custom application why can't I create my own custom category and subcategory? Also, I'm surprised PAN doesn't detect intouch (wonderware) as an application?thx,Bill

Wildfire Depth

The first question I have is how many layers will the file blocking inspect? For example, a zip in a zip has an exe that is malicious. If the PA doesn't inspect that far down wouldn't I be able to get through the firewall inspection?If the above is true and I am the security network guy that wants to block this behavior, could I set up wildfire ...

das by Not applicable
  • 3266 Views
  • 2 replies
  • 0 Likes

Resolved! IPSec VPN Proxy ID setup with multiple encryption domains on a policy based VPN peer

I need to establish VPNs from a PA5050 to Cisco devices where there are multiple encryption domains at the Cisco end.I understand using one proxy id on the PAN to match one encryption domain on the Cisco, i.e. connecting route based to policy based VPN devices.My question is how to set up multiple Proxy IDs from a PAN device to match multiple en...

pmcelwee by L0 Member
  • 10547 Views
  • 2 replies
  • 0 Likes

Issues getting ip-user mapping with probing error

Hello,I've got UI agent 4.1.6 configured on PanOS 4.1.9.We have around 3000 users and in agent we see only around 700 user-mapping count.in the logs we get the below error for a lot of IPs and i guess that's why we dont get all users. I've tried to disable WMI but still doesnt work.Have anyone experienced a similar iissue?2/22/13 08:17:29:688[ I...

vinesh by L2 Linker
  • 5680 Views
  • 3 replies
  • 0 Likes

miniduke

I got the question from de security dept, to investigate miniduke.This was is detected by kaspersky labs, as an exploit of an Adobe flaw CVE-2013-6040I dont' find anything on PaloAlto about miniduke , or CVE-2013-6040

LucVdb by Not applicable
  • 1983 Views
  • 1 replies
  • 0 Likes

Report on attempts to access unsuitable content

Hi AllI have been tasked with creating a report that shows if a user has attempted to access or find a way of accessing unsuitable content. While I can obviously run a report on pages that have been blocked by the filtering system we want to see any attempts to try and access blocked content, such as certain keywords withing search engines etc.A...

Resolved! Eicar and Palo Alto threat-db

First a question:Where and how can I see what is the default action for a particular threat, vuln or spyware threatid?Preferly from within the box itself...And now for an observation:I tried searching for eicar in the threat vault and obviously there are four different (?) eicars registered:2739329 Virus/Win32.eicar-av-test.b2459563 Virus/DOS.ei...

mikand by L6 Presenter
  • 5058 Views
  • 4 replies
  • 0 Likes
  • 24400 Posts
  • 123 Subscriptions
Top Solution Authors
Labels