The publisher could not be verified

I noticed that when I download programs from the Internet with Decryption turned on, the downloaded file says "The publisher could not be verified", whereas if I grab the same file off a non-decrypted connection I do not get this same message.

How do

Blocking Application Filters

I've browsed through these forums regarding the best way to block applications.  I've saw the posts of folks blocking applications by app filter.

I have AD integrated AD groups.  These groups tie to individual Palo Alto security rules that allow any

fqdn - policies - wildcard

Hi,

i want to place a policy with fqdn entrys completed with wildcards.

e.g.

Our PCs have names like this:

LABPC01, LABPC02, LABPC03

Now i want to deny the internet traffic for every PC with the name LABPC*

But i also want to allow it to a special list of

Apple Laptop/Desktop Able to Bypass an Application Deny Policy

I have a policy setup to deny gmail and if a user has an Apple laptop or desktop they can get to gmail via https.  On a Windows laptop/desktop the deny policy prevents it, even when using Safari on Windows.  Anyone seen this and is there a way to pre

FTP Brute Force attack blocked only after 13 seconds

Hello,

Two months ago we correctly set up a rule to block Brute Force attacks on our FTP server in DMZ.

The related information can be found here: https://live.paloaltonetworks.com/message/16977#16977

We tested it manually by just entering wrong passwor

palo alto安全防范是否支持一下功能？？？？

具备Land攻击防范功能
具备Smurf攻击防范功能
具备Fraggle攻击防范功能
具备ICMP Flood攻击防范功能
具备地址扫描攻击防范功能
具备带路由记录选项IP报文攻击防范功能
具备超大ICMP报文攻击防范功能具备time-stamp攻击防范功能
具备带源路由选项报文攻击防范功能
具备端口扫描攻击防范功能
具备ICMP不可达报文攻击防范功能
具备ICMP重定向报文攻击防范功能
WinNuke攻击防范功能

Using QoS to set application priority

Is it possible to set priority based on application?  Most of the configurations I've found were to limit bandwidth to certain applications, so I'm curious if this is even possible.

On my PA-500 I created a QoS policy with the smtp application and set

Connecting a Tier 1 firewall pair to a Tier 2 firewall pair without a switch

Internet

|

|

Tier 1 FW

|

|

Tier 2 FW (Palo Alto Firewall) in Active/Passive mode

|

|

Core Switch (HA)

Hi,

Can I connect a pair of Tier 2 firewalls (A/P HA) to a Tier 1 firewall pair (A/P HA) without using a switch(s) in between? there will be 2 UTP from each T1

Allowing just the application "web-browsing" breaks websites

I’ve been trying to figure this one out and would appreciate input from the community. What recommended "helper" applications must be enabled along with the application “web-browsing” to have websites work as close to normal as possible? For example

Packet with application status insufficient-data

Dear All,

Do you ever face a problem in Paloalto with appliaction logged as "Insufficient-data"?

My policies set to permit the connection, but every traffic that logged in Firewall always as "Insufficient-data", also the application can't establish con

User-Id Agent no longer showing domain

I setup the user id agent with the PA for an organization several months back. They reported it not blocking correctly so I logged in to take a peek. The PA used to report their username as domain\user but now it is just reporting the username (with