Enabling Security Features

Hi ,

We have a customer running a cluster of PA 3060 . 

The goal is to enable security features on at least 30-40 percent of the rules initially . like

URL Filtering 

AntiVirus

Antispyware

Wildfire

Vulnerability Assessment 

Are there any Best practices rule

Panorama Variables for HA A/A

Hi everyone!

We have an HA A/A deploy, management vía Panorama.

Have i any Variable to use for NAT's like Device-ID? to perform macro configurations?

Regards

Cisco WLC integration with PA - Client logout events from syslog messages

Good day.

Is there any way to generate user logout events from syslog messages?

Firewall is receiving syslog messages with client disassociate events from WLC.

Tried  a syslog Parse Profile with Event String as " Client Disassociated: ", still no luck.

Windows Server 2003 with Agentless User ID

Hi guys,

I am setting up agentless user-id with Windows Server 2003 Active Directory. My PAN-OS version is 8.1.16.

For the setup, i've followed the guide here:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGGCA0

Currently

tacacs

Hi,

I am using tac_plus linux server .

user = larry {

login = PAM

member = admin

}

The above will support ? .As I know tacacs using pap or chap . In that case If can I use login = file /etc /password Or PAM in the server side configuration

Th

URL Category list with all URLs from SSL Decryption Exclusion

Hi,

We are using SSL Decryption and I only allow SSL traffic for specific URL's and categories which are excluded from SSL Decryption.

Palo Alto has it's predefined list with SSL Decryption Exclusions (Device > Certificate Management > SSL Decryption

How packets match security policy when when application are incomplete or insufficient

For an example, I have 2 security policies

ruleA) source ip: any, source zone: any, destination ip: any, destination zone: any, application: dns, service: any, action allow

ruleB) source ip: any, source zone: any, destination ip: any, destination zone

HPE iLO 5 Not working as GP Clientless VPN App

Hi,

I added HPE iLO 5 as a new GP Clientless VPN Application, but it is not working. It seems it calls java, but based on PAN documentation it is supported javascript on Clientless VPN.

There is any special thing to do for the javascript part? As you

Steam Saves from Clouds

Hey, 

Is there anyone knows how can I get steam saves to cloud?

Let me know, if someone knows regarding this.

Zone for vpn?

Hello ,

We have currently three diffent zones defined .

Zone A vlan 100. For wired users 

Zone B vlan 200 for wireless users 

Zone V tunnel/ loopback interface for Global protect users.

All the above users mentioned are corp users.

Now customer wants t

GlobalProtect app - How to stop PanGPS from opening PanGPA constantly?

So we are trying to prevent the Palo Alto agent from opening at startup. 

I believe I fixed that initially by removing its entry from"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".

However there's a service running, "PANGps" ("C:\Program Files\Pa