General Topics

Difference between session start vs end when doing DENY

The difference (generally speaking) between "log on session start" and "log on session end" (for ALLOW rules) is that the "session end" will also log application and trafficvolume however it will not show up in the log-files until the session really is ended (which means for debugging you often want on session start aswell to see when the packet...

Large User-ID Deployments

All,We're in the process of migrating from a WCCP Proxy implentation for URL filtering to the Palo Alto solution (LOTS of work needs to be done obviously!) and we're starting to work with the User-ID Agent and have some questions..First, I'm curious how large of User-ID implentations are out there user wise? We have about 16k users system wide, ...

Custom Block Page

Hi I'm finding it really difficult to upload a customised url block page. Each time I do it only the default page appears. Out of around 20 times of uploading the edited txt message (custom block message) it's only ever updated to the new message on one occasion. Is anyone else having these problems? I'm running 4.1.3ThanksRod

Resolved! Logs retained after vSys deleted?

If a vSys is deleted, i'm assuming (dangerous i know), that the logs related to that vSys are deleted off of the device.Is this a valid assumption?What about any logging forwarded to Panorama, are they deleted or retained?If not a valid assumption, is there a process to manually clean out these logs?Thanks,kurt

CNSE Review Guide

Has anyone have any idea what kind of topic you will be asked? Want to start reviewing for this certification.thanks

Palo and TMG

HelloI have a tmg box at the moment that publishes our web sites, can i still leave that still setup and point the palo at the tmg for the web sites we publish? or how do i do that with the palo in place.Mark

Office 365 App Detection

Hi, I was wondering if there are any plans or a method how to detect Office 365 traffic?We have no URL scanning license on the box, so we depend on the App detection method.Because all traffic is a SSL connection, PaloAlto reports the traffic as general SSL Application.Many thanks for any suggestion about my issue.

No IP addresses on HA interfaces

Hi all,I'm working for a new company building out several new data centers. They got a jump on getting things up and running before hiring their own resource and had a consultant setup a couple of pairs of PA-2050s. They are active/passive. The consultant set up the HA interfaces with no IP addresses. Is this an OK configuration? They seem happy...

commit is always there

I have noticed that whenever I log into my firewall now the commit option is always available. I haven't made changes yet I can click commit. Whats up with that? I would expect it to be grayed out like right after I do the commit.

Dropbox - allow web app but block client?

Our IT department has decided to allow Dropbox, but only the web interface. Installed client traffic should still be blocked.Since the only identified app in Palo Alto is dropbox, we cannot block that app.Is there any suggestion on how can I do this? I've played around with SSL decryption but I get conflicting results.

Vulnerability Protection - BlockIP

I have configured a vulnerability protection profile to blacklist the ip addresses of attackers for all brute force login attempts with the signatures provided in the threat database. The profile works very well. However, i would now like to see the list of currently blacklisted ip addresses. I know it only blacklists for up to an hour, but th...

Resolved! Threath Monitor / App Monitor

Hi all,Does anybody already succeed to auto send either Threat or Network monitor by email ?Or able to export ? or re-create ?Thanks for your hlepVincent

Resolved! Problems with user mapping

Hello.I have a little problem with user-ip mapping i have instaled PAN Agent on a server configured it and started from what i can see it reads security logs and from there maps ip to a user. Those logs presents users as shortdomainname\user. The problem is when device have to compare it to a LDAP mapped groups where users are identified as long...

Can I advertise a static route via OSPF?

I have OSPF working for subnets to which I'm directly connected. I have a static route to another subnet to which I'm not directly connected. Can I advertise this route via OSPF? If so, how?

Updated custom response page doesn't show

Hi allFirst post, better behave I've been fiddling around with the antivirus block page on our PA5050-boxes with panos 4.1.4 but for some reason the page I upload to the boxes won't show. It did change once (uncertain why), but if I now try to either restore the default or upload an updated block page, nothing happens, the box keep displaying t...

Discussions

Difference between session start vs end when doing DENY

Large User-ID Deployments

Custom Block Page

Resolved! Logs retained after vSys deleted?

CNSE Review Guide

Palo and TMG

Office 365 App Detection

No IP addresses on HA interfaces

commit is always there

Dropbox - allow web app but block client?

Vulnerability Protection - BlockIP

Resolved! Threath Monitor / App Monitor

Resolved! Problems with user mapping

Can I advertise a static route via OSPF?

Updated custom response page doesn't show

Doubt about Custom URL category

Upgrading from 10.2.9-h1

Can 'admin' account be deleted?

NGFW with two different Support Structure in one CSP

[User-ID HUB Vsys] Solved Issue User-ID Behavior

Re: GlobalProtect is no longer able to retrieve information for Trend Micro Apex One Security Agent

How to get access to the knowledgebase articles (SSO Error)

Re: Unable to activate Precision AI network security bundles license

Re: Convert management-only Panorama to panorama-mode

Re: Sofware Upgrade broken? "An active license is required for this feature"

Unlock your full community experience!

Resolved! Logs retained after vSys deleted?

Resolved! Threath Monitor / App Monitor

Resolved! Problems with user mapping