HiI am not sure if PA box could default check TCP sequense number ... have CLI cmd to tigger this checkingJeff Jin
Dear,we use radius profiles for internal users towards a customer internal network policy server and so. The administration of the palo firewall is done via the MGT interface on a dedicted pvlan based administration network. We want to enable radius authentication for administrator purposes , but this seems to be impossible due to the fact that ...
Hello,I'm going through my first ever configuration of a PAN-500, coming from the McAfee Secure Firewall (Sidewinder). Our current firewall authoritatively hosts our external DNS records pointing to our MX records, etc, and I wanted to know if it's possible for the DNS Proxy module on the PAN-500 to do the same thing.Thank you.
I would like to customize the session timeout for an application for a select group of users. All others would use the default session timeout.Thanks
Hello GroupI am looking for the official list of supported and unsupported SSH/SSL ciphers on the Palo Alto Networks solution.Maybe I am not necessarily looking in the right location.Thank you.
Once again I find myself searching for documentation, once again I am disappointed. There have been a couple posts over the years asking to see the magical "default actions" and the standard answer is "here's how, go look yourself"This is an unacceptable answer. Someone has the list - what's the secret? I'll bet it's even updated regularly.Come ...
hiwhat is the best way to size an appliance to find which model fits the customer network, is there a tool or a technique for it ? ..
Hi,With the command "show counter interface ethernet1/X" i see several counters related to different kinds of "attacks".land attacks ping-of-death attacks teardrop attacks ip spoof attacks mac spoof attacks I'm unable to find documentation or a desc...
How to get the client's IP address with x-forwarder-for in PAN, I need to create something to caputure this part of HTTP header?Thanks.Patricia.
Hi. I'm looking for information on what the Default Threat actions are. Is there a list or a database where I can find out how each Signature ID is handled by Default??Many Thanks
Does anyone know how to specify your traffic logs by vsys and add multiple search parameters of the same type like you can in the gui? We are running PanOS 4.1.7. Notice that the app option does not show up anymore and and there is no vsys option.PA-1(active)> show log traffic action equal deny app not-equal not-applicable + csv-output cs...
Hi,I'm having issue with configuring NATing for my Polycom unit sitting behind the firewall to work. I have allowed all the required apps for Polycom to allow outgoing and incoming. My issue is when I can only call out to another party with public IP but can't receive call from outside the network. I have both NAT rule for both ways in place....
Hi All,Is there any way to custom certificate expired date that generate by paloalto itself ? I saw it on webpage that is too short, it only have six monthes.Thanks.Regards,Joy
Hello,We experienced a problem with a specific SSL encrypted site: https://panakeia.infoman.de/The original certificate is issued to "*.infoman.de" and was issued by Go Daddy (--> InfomanCert_Original.png). It seems to be perfectly valid but still our PA-2050 thinks different and presents our internal clients a SSL certificate issued by our "...
Hi all,I need to reassure me on a simple configuration.Is it possible to do this configuration?IP interface 1: a.a.a.a / xIP interface 1.10: a.a.10.a / xIP interface 1.20: a.a.20.a / xI ask this because I've seen a few configurations and whenever subinterfaces were used, there was no IP on the physical interface.Thank you in advance for your ret...
| Subject | Likes |
|---|---|
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes |
