IPSec VPNs using public key signatures
hi!I was wondering if public key signatures (RSA signatures, DSS signatures, ...) are supported for authentication in IPSec VPN with PAN and if there are any plans to implement it?cheers,Andrej
hi!I was wondering if public key signatures (RSA signatures, DSS signatures, ...) are supported for authentication in IPSec VPN with PAN and if there are any plans to implement it?cheers,Andrej
Hi all,We are running version 5.0.1 on out Palo Alto 5020. when we run the packet capture feature, the tracefiles are visible on the CLI, but the GUI shows nothing.It has nothing to do with filters, the GUI is just empty.Does anyone have a solution for this?Reg,Gerben
We have upgrade to v 5.0, all working fine except that QOS statistics no longer workThis has happened on a 500 and a 2050we just see a 'No statistics available for this interface' message when statistics are clicked...
Hi,I have a lot of traffic that are blocked by company policy saying NO to downloaded .exe and dll.At the same point it would be very useful to scan and test the blocked files.Wil this be possible by making a profile like this:Or is it another way of doing this.RegardsStig E BakkeDataEquipment
Since november we have not received any content updates from updates.paloaltonetworks.com. We changed the rules so every update server (including amazonws.com) was allowed.Now the updates start, I see a succesful connection to updates.paloaltonetworks.com, but the job remains in download state at 0%.When I check the ms.log it shows:--2012-12-19 ...
I've got an HA A/P pair where the primary is included in a device group and managed via Panorama. The configs are sycnhed and everything is matched; however, the peer has no inherited policy from Panorama. Any ideas?
I'm new to this world and am looking for some advice of where to install the UserID Agent.I'm thinking one of the most efficient places to put it would be a domain controller.User identification is very important to us and we want to be able to id and many users as possible. Anyone else put this on a domain domain controller ? Should I install ...
Hi,I am in the start of setting up Threat log forwarding to Syslog and/or SNMP-traps.Do I really have to enter every single rule to enable this logging or is it a smarter way of doing this ??I really hope that I am not forced to add the same log forwarding rule to one and every rule RegardsStig Einar BakkeDataEquipment
I note that the PA-2050 units I have running 4.1.7 PanOS generate their syslogs as UDP/514. Is there any way to tell the unit to use TCP for syslog messages? Our SIEM/syslog collector (AlienVault) seems to be missing some of the syslog messages we (supposedly, according to security team) sent to it from the PA-2050 for whatever reason. We are e...
Hi All,"Save the telnet" movement inspired me . I'd like to find out if any one is experiencing same limitations I do: - " at least 7 bytes" limit in Custom Data Patterns.- "regex" has very limited capabilities in Custom Data Patterns.Would adding this features be beneficial for the next release?I'm also curious about Predefined Patterns (CC nu...
Hi guys,It looks like our PA-2050 is not purging old log files from the database. When we log in to the Web UI we get alarms like this:According to the documentation this error shouldn't occur. The PA box should automatically purge old log entries when the DB reaches 80% of the total DB size. Any ideas what we could do/check here?Thanks,Oliver
Our users private devices are on a separate subnet/vlan and a separate PA zone using the Google DNS servers. I have been forcing a captive portal in order to enable user ID for these devices. This has been working fine.I have set a rule so that these devices can access our exchange server via OWA/activesync by going out to the internet and hit...
In Panorama, is it possible to assign an admin role to a vsys? I don't see the option on the admin role tab in Panorama. I only see it on the device itself. Please see attached screen shots as a comparison between the Panorama view and the Device view. Thank you.
Was working for a while the the interface decided to go down and I kept getting this warning every time I commit. I have checked both ends and it seems to me that the 10gig interface on the palo side is bad. Both are the same so I do not understand why I keep getting this message. e1/21 is green but e1/22 is red and will not come up.Warning: ...
Is there a way to do DNS Re-write or DNS Doctoring in the PAN similar to Cisco's ASA?
| Subject | Likes |
|---|---|
| 4 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like |
| User | Likes Count |
|---|---|
| 7 | |
| 5 | |
| 3 | |
| 3 | |
| 2 |

