General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! How much PA support vlan subinterface using vlan tagging and logical L3 interface?

Dear Master.I know that PAN device can support 802.1q vlan tagging and logical vlan L3 interface. so I tried to find that a single physical interface how much support logical sub-interface when using logical vlan L3 interface and vlan tagging (like a cisco trunk ) but could not find answer from some document and live community.Please give me ans...

ttongfly by L3 Networker
  • 6013 Views
  • 3 replies
  • 1 Likes

Vulnerability Protection - inbound traffic to DMZ Servers

Hello,Does the Vulnerability Protection Profile provide any benefit to inbound traffic from the Internet to servers on the DMZ? Is it more for web protection from users going outbound to browse the web and not so much from outside sources accessing servers. For example will the Vuln Pro signature block a SQL injection attack against a DMZ serve...

MGoodnow by L4 Transporter
  • 6751 Views
  • 6 replies
  • 0 Likes

Resolved! Can Palo Alto handle (AET) Advanced Evasive Techniques ?

Hi,You must have heard of the recent disclosure of exploits using AET. I found this posting.http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1522097,00.html?track=NL-34&ad=792591&asrc=EM_NLN_12713380&uid=8455137Its looks like the IPS device that they are using is a Palo Alto device. Is there any work being done to protect...

SSL VPN Config on 3.1.5

I am attempting to test the SSL VPN using a self signed certificate on 3.1.5 and setting up according to the " How to Configure SSL VPN on PANOS 3.0" document, however the guide does not cover the Client Certificate Profile which is now required in the 3.1.5 Portal Configuration. Is there a work around or do I need to purchase a cert and add t...

wdhadley by L0 Member
  • 2515 Views
  • 1 replies
  • 0 Likes

Can't find ident

Hello,I can't find ident/auth app despite that it's listed in :List of Applications Identified by the PANRegards

How do block all flv streaming media

Is there any way to block all flv streaming media for all applicatons that uses flv streaming through web-browsing?(I could'nt find any application describes "flv" except "Flash application".But "Flash application" blocks all flash content and this is not acceptable )Thanks...

ssl decryption best practices?

I'd like to look at implementing it but I'm wary of all the potential caveats i.e. applications that don't play nice, and machines that are non-windows or non-domain so wouldn't get a trusted CA via Group Policy.I've read the guides so know how to do it and what the suggested categories are to exclude, but I'd be grateful for any real-world feed...

PAN Help files are a bit old

Noticed this while searching some answers about dynamic URL filtering in the help files. Enable dynamic categorizationSelect to enable dynamic URL categorization.URL categorization takes advantage of a URL filtering database on thefirewall that contains up to 20 million entries of the most popular URLs and other URLs for malicious categories. Th...

blueteam by Not applicable
  • 2874 Views
  • 1 replies
  • 0 Likes

IPS/IDS for SQL Server behind PAN?

We have a web server in fron of a PAN that accesses MS-SQL behind the PAN.In the vulnerability profile that we're using, everything (client/server) is set to "default".I appreciate it's a fairly broad question, but is this enough?Thanks.

User-ID Agent Refresh Interval?

I'm sorry if I've just not spotted it, but is there any documentation on how often the User-ID agent (for Active Directory) updates?We've just started to implement some policies using groups and I'm not quite clear in my mind how often the PAN checks with the agent, how often the agent checks against Active Directory, and how it all combines.Is ...

Uknown / Blank user

Hi,I want to view the traffic for all unknown users, but I am unsure how to create this...I thought about using (user.src neq '') but that does not work I need something similar, essentially I want to view the 'from user' that has no data in (blank)Any ideas?Darren

djbisbey by Not applicable
  • 2560 Views
  • 2 replies
  • 0 Likes

URL Log

I have seen this come up in one post. Where the user has asked why the URL field is only limited to only the first 63 characters.Any idea when this might be addressed? It is crucial to log the entire URL for both trouble shooting and forensics purposes.Thanks.

Captive Portal Question - Demo Unit

Hello everyone,I'm currently demo'ing a unit configuring it to our projected needs. One of the things I'm currently working on it user authentication to the net and am hoping you guys can help me out with this. I have the captiveportal setup using NTLM and the logs show my user authenticating when I goto an outside web address so that seems to...

rjoshua by Not applicable
  • 3125 Views
  • 1 replies
  • 0 Likes

URL Filtering

This was brought up about a year ago from what I can tell but does, or will, PAN support a connector to be used with a Websense server for filtering?

cnelson by Not applicable
  • 3686 Views
  • 1 replies
  • 0 Likes

Monitoring interface traffic with SNMP

I am trying to monitor traffic on some interfaces on our PA 2050 with SNMP.I'm using RRDtool to pull traffic counters every 5 min.But, the interfaces in Network\Interfaces in the GUI does not match the interfaces when i do a snmpwalk IfIndex against the PA.We have a internet connection at interface ethernet1/3.When i monitor interface 3 with snm...

tysver by L0 Member
  • 3459 Views
  • 1 replies
  • 0 Likes
  • 24401 Posts
  • 123 Subscriptions
Top Solution Authors
Labels