Resolved! Paloalto to Firebox
Any know issues with an ipsec VPN connection between a PA-500 to a Watchguard Firebox?
Any know issues with an ipsec VPN connection between a PA-500 to a Watchguard Firebox?
We run McAfee which does some user authentication on AD for group policies. The problem is that when this happens, the ip to user mapping shows this service account as the user instead of the actual user that is logged in. The actual user is then unable to match on a specific rule and therefore gets the incorerct access.Not sure if changing some...
I am currently only allowing ssl and web-browsing applications to a specific server. If I do a "telnet x.x.x.x 3389" it connects even though the rule should not allow this. I would think that the application filter is unable to block this due to the application coming up as insufficient-data or incomplete.How do I block this??
hi,am looking to exclude a user or application from being monitored and shown in the ACC or logs is it possible ? i was looking for couldnt find it ?BR
Hi Guys,Since I have upgrade to 3.1.6 (December 2010), the PA-500 is unable to run Costum Reports longer than 1 week or last 7 days, I downgraded to 3.1.5 but this does not work. Right now I have version 3.1.6, an every time I try to run a Custom Report longer than "Last 7 days" It shows me "Communication %20 fail". Is this a bug on the PANOS or...
We tried using the 'MPEG' file type and file blocking, but this doesn't do the job (in fact it only seems to block MPEG video's, not MPEG-3 audio). We also tried creating a data filter with "MP3HASH" as a regular expression, but this didn't appear to match MP3's either.How can we successfully block MP3's using data filtering or file blocking?
I need a techincal answer for default protections with PAN IPS enabled. If possible, think in a CP-to-PAN conversion. I know...apples to oranges. TIA - Jeff
I managed to use the setup for blockin iphone/ipad trafic. https://live.paloaltonetworks.com/docs/DOC-1503Some questions... How do we do this for other smartphones?And is it possible to control this with IP range for instance? Or other methods?Thinking about allowing it on some locations and drop packets on other?I have not been successful on th...
So I have a need to block almost all internet access for a certain group of folks. They are in a warehouse and only need access to a few websites (time clock, shipping sites, etc) related to their jobs. How I'm doing this currently is to use a Active Directory policy and forcing a non-existant proxy server and then using the exceptions list to ...
According to the PA-3.0_Administrators_Guide.pdf:"Trusted CA certificate—Import an additional intermediate certificate authority (CA) certificate to trust when doing SSL decryption. If the firewall encounters a certificate that is not signed by a trusted CA, then it uses its own untrusted CA to sign the certificate and generate the expected brow...
Hi,I have a PA2020 system with Custom URL category defined and it was working fine on 3.1.4.When we upgraded to 3.1.6, the Custom URL category was not working and URL present in the custom category were being blocked, even if they were in the allow list.We have deleted and re-created the Custom Category, but same issue.Has anyone of you experien...
Problem:If you try to manage PAN device over a WAN, you might experience problems.By manage, I mean via the Web interface, via CLI or via Panorama.The Web interface may not load Or login via CLI works fine. However a command that returns a lot of data will fail. One good example is "show log system"Or "Failed to establish SSL connection to Panor...
HiI believe I've successfully set up LDAP authentication in our Palo device. All of our groups and users are appearing when searched for using "show user ldap-server server all" and they show up in Authentication Profiles when changing the Allow List.I have added my user account from our AD domain into the LDAP Authentication Profile as detailed...
I'm wondering if it is possible to define an 'application' based on an SMB URI path?Example - I have two shares on a SMB SAN server \\san\public and \\san\secret; is it possible to apply a firewall rule to a Palo device that sits between this server and clients such that access to the shares can be restricted based the destination path, not just...
hi : I have a question in regard to Flood Protection Thresholds under Zone Protection. Do the thresholds for Alert/Activate/Maximum apply to counting SYN packets directed at a partuicular host or to counting SYN packets directed at all the hosts in the protected zone.The online documentatio specifies "destination" which implies a particular IP w...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like |
| User | Likes Count |
|---|---|
| 7 | |
| 5 | |
| 3 | |
| 3 | |
| 3 |

