General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

Resolved! Logging of threats - Possibly to set it globally ?

Hi,I am in the start of setting up Threat log forwarding to Syslog and/or SNMP-traps.Do I really have to enter every single rule to enable this logging or is it a smarter way of doing this ??I really hope that I am not forced to add the same log forwarding rule to one and every rule RegardsStig Einar BakkeDataEquipment

Syslog via TCP?

I note that the PA-2050 units I have running 4.1.7 PanOS generate their syslogs as UDP/514. Is there any way to tell the unit to use TCP for syslog messages? Our SIEM/syslog collector (AlienVault) seems to be missing some of the syslog messages we (supposedly, according to security team) sent to it from the PA-2050 for whatever reason. We are e...

Resolved! Data pattern limitations.

Hi All,"Save the telnet" movement inspired me . I'd like to find out if any one is experiencing same limitations I do: - " at least 7 bytes" limit in Custom Data Patterns.- "regex" has very limited capabilities in Custom Data Patterns.Would adding this features be beneficial for the next release?I'm also curious about Predefined Patterns (CC nu...

Alarms - Log DB size over threshold

Hi guys,It looks like our PA-2050 is not purging old log files from the database. When we log in to the Web UI we get alarms like this:According to the documentation this error shouldn't occur. The PA box should automatically purge old log entries when the DB reaches 80% of the total DB size. Any ideas what we could do/check here?Thanks,Oliver

Zone to Zone for OWA/activesync?

Our users private devices are on a separate subnet/vlan and a separate PA zone using the Google DNS servers. I have been forcing a captive portal in order to enable user ID for these devices. This has been working fine.I have set a rule so that these devices can access our exchange server via OWA/activesync by going out to the internet and hit...

Resolved! Panorama: Is it possible to assign an admin role to a vsys?

In Panorama, is it possible to assign an admin role to a vsys? I don't see the option on the admin role tab in Panorama. I only see it on the device itself. Please see attached screen shots as a comparison between the Panorama view and the Device view. Thank you.

Resolved! Has anyone ever seen this on the physical interfaces.

Was working for a while the the interface decided to go down and I kept getting this warning every time I commit. I have checked both ends and it seems to me that the 10gig interface on the palo side is bad. Both are the same so I do not understand why I keep getting this message. e1/21 is green but e1/22 is red and will not come up.Warning: ...

Resolved! DNS Re-write or DNS Doctoring

Is there a way to do DNS Re-write or DNS Doctoring in the PAN similar to Cisco's ASA?

real time flow from interfaces - how to get it?

HelloOn my old Juniper SSG device I had flow control where I can sow real time traffic on interfaces.How can I do it with PAN? - using only GUI/CLI - not thirty party software?With regardsSLawek

Resolved! PA200 process running at 100%

Hi there,I've seen a task called pan_task taking up 100% cpu on two of my PA200's. Is this a PA200 specific thing? Not seen this on any other hardware platform, looking into it further it does not look like it's actually using 100% CPU, wondering if it's something to do with the single cpu architecture and splitting the two cores to backplane/ma...

Which logs to check for firewall auto reboot?

Hello,I need to go through the logs to check why the active PAN 2020 rebooted itself. I only have access to the cli (I have to ssh via the now active FW).Which logs should I check?? Under mp-log there is a whole bunch of logs I am not sure which one to check for system failure related issues.The reboot time is suspiciously close to the applicati...

BrightCloud to BlueCoat Category mapping?

Is there a more recent Blue Coat WebFilter to BrightCloud URL Category mapping? I found the document from Jan2011 that lists the categories and the recommended mappings at that time. However in the last 2 years both vendors have added and removed categories and changed the descriptions of some of their existing categories. A more recent mappi...

Firmware 4.0.8 to 4.1.8

I am new to Palo Alto firewalls and I am hoping this a quick easy question for somebody who is more familiar with them. I would to like to upgrade my PA500 to latest firmware. It looks like the latest release is 4.1.8 (I am using 4.0.8). I have downloaded 4.1.8 to the firewall. Once I click install on 4.1.8, will that require a reboot of the fir...

PAN only takes the first category of an URL from Brightcloud

Here is an example:www.aetna.com is rated on the website of Brightcloud as "Business and Economy" and "Health and Medicine"."test url www.aetna.com" results in a "Business and Economy", which could cause some legal issues when traffic to "Health and Medicine" should not be performed due to privacy reasons.Are there any plans to change that in t...

Policy Based Forwarding only works when using specific IP

Thinking outloud here...I would like to record voice traffic for VPN connected customer service agents.Traffic comes in a VPN-HomeRouters tunnel from a 10. IP range.The PBF works when setting source Zone and IP, Next Hop and 1 destination IP.When i change the IP to a range then the forwarding gets skipped (i'm thinking because of the Virtual Rou...

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Resolved! Logging of threats - Possibly to set it globally ?