General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Resolved! Schedules

Hi,

with schedules, do they apply to the policy or just URL filters?

I am trying to block certain apps at certain times, I just want to confrm in my mind that schedules are applied to the whole policy, effectively switching it on or off at times?

Also w

...

Resolved! PA-2020 OSPF Capacity

Hi,

I've seached the data sheets and discussion forums but could not find any information on the size of the forwarding table for a PA-2020.

We wish to run OSPF on this box and I need to understand the limitations related to the size of the OSPF databa

...

Resolved! Allow SSH outbound, block SSH tunneling.

Is it possible to allow SSH out but block SSH tunneling?

HTTP and sql injection by facebook-mail

Hi all,

We recently found a threat "HTTP SQL Injection Attempt" (ID = 30514) with the application "facebook-mail".

We found that information quite strange. What does it mean exactly?

Was there some patterns (for example a SQL specific pattern) in the ma

...

Data filter - Blocking suspicious downloads

For data filtering we set a rule to alert for certain downloads (such as .bat, .exe, etc). In the monitor log, all alerts are listed as LOW severity. I have noticed a pattern where a workstation shows a suspicious download such as game.exe or abyz

...

GRE and IPSec traffic

Hello,

Does PanOS 3.1.4 in L3 mode supports GRE and IPSec protocols? We need to NAT this traffic.

Br!

Ahti Akel

Coverage for New IPS Evasion Techniques

Stonesoft recently reported multiple IPS evasion techniques that can be used to evade detection by IPS/IDS devices. We will be releasing signatures to detect most of the evasions in our content release tomorrow. More details will be posted on this th

...

Resolved! Panorama install - VMware ESX 4.0 SCSI Controller selection

Is there any preferred setting for the SCSI controller option when configuring the Panorama VM in ESX 4.0?

There seem to be two options - Buslogic Parallel or LSI Logic Parallel.

Thanks,

Tariq

Adobe zero-day vulnerability security advisory

Adobe released a security advisory (APSA10-05) today about a zero-day "critical" vulnerability in Adobe Flash Player, Adobe Reader and Acrobat that can be exploited remotely. For details regarding affected versions and OS, please refer to Adobe's sec

...

Resolved! Is tap mode able to pick up virus or spyware

Hi, if i deploy PAN in tap mode. Am i able to pick up virus or spyware detection like it is deployed in L3?

PA-500 - Auto reboot byitself

Hi Again,

The appliance is auto reboot after running for some time without any rebooting or shutdown. After performing some checking, the system log file shows that "captive_portal: restarts exhausted, rebooting system".

Yes, i did some minor changes o

...

Resolved! SSL VPN and RADIUS

anybody have a walk through on setting this up. I have SSL VPN enabled currently on our PA2050 for a few folks however I'm using the local database for it and would like to switch to RADIUS authentication. I don't currently have a RADIUS server how

...

After SSL VPN connected, there are no routes to private LAN

My PAN SE just helped setup our SSL-VPN. The first two users had no problems, but the next two did. I observered both first hand. Once the SSL VPN client is connected, I was not able to ping internal IP addresses. I checked the routes on the PC (

...

Zone Protection Setting

Do you have the recommended setting for each zone protection?

We know this issue is depending on the situation and we have to tune up after installation.

However, what's the value of setting that we should configure?

We're providing the management servi

...

tcp-syn enabled may affect the transfer (downloading) files.?

if I have enabled tcp-syn in the trust zone unusually high number of these 'tcp non-syn packets' being generated, overall-throughput through the firewall can be affected?.

in case if affects, as I can disable this option?

Discussions