General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Coverage for New IPS Evasion Techniques

Stonesoft recently reported multiple IPS evasion techniques that can be used to evade detection by IPS/IDS devices. We will be releasing signatures to detect most of the evasions in our content release tomorrow. More details will be posted on this thread.Stonesoft Press Release:http://www.stonesoft.com/en/press_and_media/releases/en/2010/1810201...

Adobe zero-day vulnerability security advisory

Adobe released a security advisory (APSA10-05) today about a zero-day "critical" vulnerability in Adobe Flash Player, Adobe Reader and Acrobat that can be exploited remotely. For details regarding affected versions and OS, please refer to Adobe's security advisory. We are doing an emergency content release (expected to be out by tomorrow) to pro...

PA-500 - Auto reboot byitself

Hi Again,The appliance is auto reboot after running for some time without any rebooting or shutdown. After performing some checking, the system log file shows that "captive_portal: restarts exhausted, rebooting system".Yes, i did some minor changes on captive portal rule and testing from different machines currently, but how come this will happe...

eugene by Not applicable
  • 3166 Views
  • 2 replies
  • 0 Likes

Resolved! SSL VPN and RADIUS

anybody have a walk through on setting this up. I have SSL VPN enabled currently on our PA2050 for a few folks however I'm using the local database for it and would like to switch to RADIUS authentication. I don't currently have a RADIUS server however I was just thinking of using the built in stuff with Win Server 2003 unless someone could re...

After SSL VPN connected, there are no routes to private LAN

My PAN SE just helped setup our SSL-VPN. The first two users had no problems, but the next two did. I observered both first hand. Once the SSL VPN client is connected, I was not able to ping internal IP addresses. I checked the routes on the PC ("route print") and there was no route to our internal network. Doing an "ipconfig" showed no def...

sj3vans by Not applicable
  • 3555 Views
  • 2 replies
  • 0 Likes

Zone Protection Setting

Do you have the recommended setting for each zone protection?We know this issue is depending on the situation and we have to tune up after installation.However, what's the value of setting that we should configure?We're providing the management service to customer, so we have to decide the default setting of each in advance.

Takeshi by Not applicable
  • 2674 Views
  • 1 replies
  • 0 Likes

What is a command to exit from VSYS?

Hi,I can not exit from VSYS.I tried "quit" ,"exit" and others command,but was not able to exit.Could you tell me it?Device:PA-2050(3.1.3)---------admin@PA-2050 vsys2> set system setting target-vsys vsys2Session target vsys changed to vsys2admin@PA-2050 vsys2>---------Thanks,Shohei

Shohei by L1 Bithead
  • 3246 Views
  • 3 replies
  • 0 Likes

Panorama Console Error - Ext3-fs warning

Hello,We found the below error message on the Pano console:pano login: EXT3-fs warning: maximal mount count reached, running e2fs recommendedHave not had any issues running Panorama. Is there something I need to do to correct this? Thanks!Mike

MGoodnow by L4 Transporter
  • 3704 Views
  • 1 replies
  • 0 Likes

Resolved! How much PA support vlan subinterface using vlan tagging and logical L3 interface?

Dear Master.I know that PAN device can support 802.1q vlan tagging and logical vlan L3 interface. so I tried to find that a single physical interface how much support logical sub-interface when using logical vlan L3 interface and vlan tagging (like a cisco trunk ) but could not find answer from some document and live community.Please give me ans...

ttongfly by L3 Networker
  • 6004 Views
  • 3 replies
  • 1 Likes

Vulnerability Protection - inbound traffic to DMZ Servers

Hello,Does the Vulnerability Protection Profile provide any benefit to inbound traffic from the Internet to servers on the DMZ? Is it more for web protection from users going outbound to browse the web and not so much from outside sources accessing servers. For example will the Vuln Pro signature block a SQL injection attack against a DMZ serve...

MGoodnow by L4 Transporter
  • 6750 Views
  • 6 replies
  • 0 Likes

Resolved! Can Palo Alto handle (AET) Advanced Evasive Techniques ?

Hi,You must have heard of the recent disclosure of exploits using AET. I found this posting.http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1522097,00.html?track=NL-34&ad=792591&asrc=EM_NLN_12713380&uid=8455137Its looks like the IPS device that they are using is a Palo Alto device. Is there any work being done to protect...

SSL VPN Config on 3.1.5

I am attempting to test the SSL VPN using a self signed certificate on 3.1.5 and setting up according to the " How to Configure SSL VPN on PANOS 3.0" document, however the guide does not cover the Client Certificate Profile which is now required in the 3.1.5 Portal Configuration. Is there a work around or do I need to purchase a cert and add t...

wdhadley by L0 Member
  • 2515 Views
  • 1 replies
  • 0 Likes
  • 24397 Posts
  • 123 Subscriptions
Top Solution Authors
Labels