Http-proxy application and applications in URL Filtering log

Hellou!

I have installed Palo (in tap mode) in front of MS TMG proxy.  In attachment I put a picture with the applications he recognizes. Http-proxy application is always the application with the most received bytes, but Palo also recognizes other app

ThreatID 33542 and Facebook

I'm seeing a lot of alerts in the last couple days for threatID 33542 when users are visiting facebook via http://www.facebook.com/

Could this be a false positive?  Anyone else seeing a jump in this threat?

Tnx, Tom

Data Filtering Patterns

Does anyone know the logic used to interpret data patterns/filtering expressions?

By this I mean, if I have two patterns:-

Confidential\\Eyes-Only     (exact match Confidential\Eyes-Only)

and

Confidential\\.+               (wildcard match Confidential\*)

Difference between session start vs end when doing DENY

The difference (generally speaking) between "log on session start" and "log on session end" (for ALLOW rules) is that the "session end" will also log application and trafficvolume however it will not show up in the log-files until the session really

Large User-ID Deployments

All,

We're in the process of migrating from a WCCP Proxy implentation for URL filtering to the Palo Alto solution (LOTS of work needs to be done obviously!) and we're starting to work with the User-ID Agent and have some questions..

First, I'm curious

Custom Block Page

Hi

I'm finding it really difficult to upload a customised url block page. Each time I do it only the default page appears. Out of around 20 times of uploading the edited txt message (custom block message) it's only ever updated to the new message on

CNSE Review Guide

Has anyone have any idea what kind of topic you will be asked? Want to start reviewing for this certification.

thanks

Palo and TMG

Hello

I have a tmg box at the moment that publishes our web sites, can i still leave that still setup and point the palo at the tmg for the web sites we publish? or how do i do that with the palo in place.

Mark

Office 365 App Detection

Hi,

I was wondering if there are any plans or a method how to detect Office 365 traffic?

We have no URL scanning license on the box, so we depend on the App detection method.

Because all traffic is a SSL connection, PaloAlto reports the traffic as gene

No IP addresses on HA interfaces

Hi all,

I'm working for a new company building out several new data centers. They got a jump on getting things up and running before hiring their own resource and had a consultant setup a couple of pairs of PA-2050s. They are active/passive. The consu

commit is always there

I have noticed that whenever I log into my firewall now the commit option is always available.  I haven't made changes yet I can click commit.  Whats up with that? I would expect it to be grayed out like right after I do the commit.

Dropbox - allow web app but block client?

Our IT department has decided to allow Dropbox, but only the web interface. Installed client traffic should still be blocked.

Since the only identified app in Palo Alto is dropbox, we cannot block that app.

Is there any suggestion on how can I do this?

Vulnerability Protection - BlockIP

I have configured a vulnerability protection profile to blacklist the ip addresses of attackers for all brute force login attempts with the signatures provided in the threat database.  The profile works very well.  However, i would now like to see th