General Topics

Automatic attack block

Occaisionally we get an attack from a single IP to one of our external servers where the attacker tries a whole bunch of known exploits. Is there anything like a "Zone Protection" for this type of attack? I'm looking for something where an external b

How to poll interfaces on VM 100.

Since there are no physical interface on VM PA. So it doesn't show any data under sh interface command.

How can you poll these interfaces.

HIP without license

Is it possible to use HIP Profiles with just custom checks without a HIP license? (Sort of the way you can with URL filtering.)

Setting Up the PA-200 for Home Setup question?

Hey folks,

Newbie here.    I had this going successful before, but after a factory default, not working for me for some reason. 

I've followed this helpful article before and worked on my first try, but not now for some reason.

https://live.paloaltone

VM-100 Virtual Wire doesn't show any sessions

 Hi guys, I'm new to PA so I hope this is not a stupid question.

I configured my VM-100 with two interfaces (plus manegment), the two interface were setup as Virtual Wire. I can capture traffic going through and everything works from a user perspecti

Packets dropped: invalid interface (route to second public network in trust interface)

Hello All,

My system is multi vsys environment, I need to route traffic from untrust to trust.

My source is internet and destination is my second Public IP subnet in trust interface.

I investigate and found log from Global Counters "Packets dropped: inv

IPv6 Point to Point prefix

Hi,

Trying to setup a IPv6 Point to Point link between the PAN and SRX.  Does PAN support IPv6 prefix like /127 for point to point connection?

(Yes I read RFC 3627 -> RFC 6164 -> RFC 6547 already)

Before any one starts about the IPv6 address space is

Cert key import

What is the best way to import a key for a globalprotect portal? I already have CA installed.

Some Applications not being submitted to wildfire

Hello

I am testing my wildfire configuration .

1- When I download wildfire test PE file  , I get an entry under Wildfire submission log & data filtering log.
2- I intend to test if copying the PE file is also caught by wildfire , so I download a new PE

Map any TACACS+ user to local account

Anyone aware of how to map TACACS+ accounts to a single local account? For instance, I have my ACS server using AD for its user database. I created a policy in ACS to allow access to the PA if they are in a certain group. When I want to give someone

How to Safely Enable/allow Skype (URL filtering)

To allow skype you need to allow next applications in security rule:

Next step you need to make URL filtering profile. Deny any categories. But allow next URLs:

mobile.pipe.aria.microsoft.com

*.microsoft.com

*.skype.com

ocsp.msocsp.com

login.live.com

auth.g