Resolved! packet capture for unknown-tcp

Hi,

I'm getting a lot of unknown-tcp on the internal network and would like to capture some packets to get an idea what this is.

I tried:

debug dataplane packet-diag set capture trigger application from unknown-tcp to unknown-tcp

but I don't get any pack

Resolved! 4.1.7 LDAP lookup unstable

I have three active directory servers configured within the LDAP settings of my Palo Alto.  I have tried using both 389 and the GC port of 3268 as per this doc: https://live.paloaltonetworks.com/docs/DOC-3120

I have two 2050's in an active/passive pai

Resolved! Clear Traffic Logs command clears Traffic Summary logs as well?

I want to 'clear traffic logs'. If I go through with that will that also clear the traffic summary logs?

I would like to clear traffic logs but keep the summaries.

... reason being, im upgrading from 4.0.9 to 4.1.7 this weekend and I want to cut down u

Resolved! Difference between Address groups and regions ?

I'm trying to find more details about the differences between address groups and regions.

I added some regions to get a better reporting when I include src and dst countries.

Initially I made a mistake of naming a region the same as an existing address

Resolved! SQL Injection Lilupophilupop (Part 2)

Hi, recently a famous SQL Injection has started up once more.

Will there be a vulnerability signature update which includes this new version of the Lilupophilupop SQL Injection code?

More information can be found at ISC Diary | SQL Injection Lilupophil

Resolved! system logs

Can anyone tell me what is going on in this log? It doesn't look like the RDC brute force attacks that i see all the time

Resolved! Track IP

Hi all,

I have a setup with two ISP's where one is active and the other is redundant sitting in a VR.  The routing and failover works fine but only if my actual link goes down on my main ISP which will pull the static route.  Is there a way to do a tr

Resolved! Device Upgrade 2020 to 5000

Hi,

We are planning to upgrade PAN 2020 series to 5020 or 5050. I am wondering if we can simply restore the backup of a 2020 on 5020 and everything should work fine. We are running software version 4.1.7. Currently we are running with active/standby

Resolved! SSH Config

I need to allow a one time SSH connection from the Internet to my LAN for the configuration of a device. So far I have created an SSH service and security policy, allowing any device to connect to the external I.P. address of my PAN. I have also crea

Resolved! SSH decryption policy

Hi All,

We have recently deployed PA devices in our network as IPS. We have configured SSH proxy and provide an exception with negate policy for the hosts. I have a basic question regarding decryption rule. I am assuming all rules work like firewalls

Resolved! User Identification Timeout - What to do ?

Dears,

I have Palo Alto consolidated and working fine in my network but sometimes I have to do some changes on AD groups to give some rights to some users...

I am realizing that all changes delays too much to take effect in Palo Alto, I think is becau