General Topics

Palo Alto 2020 doesn't close session when using AD authentication

Hi,

This might be a really easy thing I have missed but when we try to authenticate against our AD users instead of strictly by IP and zone it works fine the first person to log on. But then if you log off and someone else with less privilages logs on

Do the PA's cover this ?? Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could Allow Spoofing

Just wondering if the PA's have this vulnerability covered and if so where do I look to find out myself.

What 's meaning of "User '' failed authentication. Reason: Thread limit reached"

Hello,

I used Captive Portal in my environment. I found log "User '' failed authentication.  Reason: Thread limit reached" show on my system some time when the Captive Poratl page fail to logging in.

Which Thread has limited by the system. Could you pr

Skype & unknown traffic

Hello PAN,

It seems to me that in order to have skype working correctly - particually with multi-site PA's with Site2Site VPN tunnels in between - it is nessesarely to enable both unknown-tcp & unknown-udp.

At least - all our connection problems / deli

Getting Syslog in through PA 500

I have a router just outside my PAN 500, ver 4.0.5. I need to get syslog information in from it for my PCI requirements. Here is my setup:

The following objects are defined:

INT-NPM               Syslog server, IP address 172.15.10.8

TWC-RTR            

URL logging in TAP mode

I have a business requirement to log URLs visited in an "out of line" manner for reporting and usage. There is no requirement to block URLs and it would be of great advantage not to use VirtualWire at this stage(still in pilot).

I understand it is not

Multicast Support

Hi Guys,

Does PAN support IP multicasting to allow one IP packet to be sent simultaneously to multiple hosts for use in multimedia applications and video conferencing?

I did read somewhere that multicast forwarding / routing is now supported from versi

Stateful Package Inspection Features

Hi Guys,

I was just wondering if you someone could clarify a few doubts that are lingering in my mind.

1.  IP Checksum Enforcement

     -  Does PA have an option to enforce header checksums for IP headers and UDP packets?

2.  QoS

     -  Does have QoS sup

Custom Reports and Wildcards

Hello KPers,

My goal: To create a report of top X users who attempt to access blocked categories.

My problem: I would like to exclude a set of userids that share a common prefix.

What I've tried: I've created a URL log custom report based off of action

Using Captive Portal for Untrust to Trust

Is it possible to use captive portal to force a user from the untrust side to authenticat before they can see port 22?

Log filterting on the firewall

Is there a way to filter logs by specifying the time.

Meaning, If i want get the logs between 10 AM and 11AM in the morning??

how do we do that??

Need help in setting up the email alerts for the Pan firewalls.

I am trying to setup email alerts when the device goes down or the interface goes down.

To complete this task, I had configured the email server and under the device tab -- log settings-- critical -- I set it to be forwarded to the email server.

Also