02-17-2013 10:06 PM
Hi,
Iam a starter for paloalto .. I have few questions so any answers on this will be help full...
Regards
Raju Reddy
02-18-2013 12:35 AM
Hello Rahu,
Please find the answers inline.
1.What is dynamic block lists and how can we use that?
Dynamic Block Lists page to creates an address object based on an imported list of IP addresses.
The source of the list must be a text file and must be located on a web server.
You can set the Repeat option to automatically update the list on the device hourly, daily, weekly, or monthly.
After creating a dynamic block list object, you can then use the address object in the source and destination fields for security policies
2.What is disable server response inspection in a security policy?
This option enforces unidirectional (client to the server),bypassing the inspection in reverse direction which optimizes Dataplane CPU usage.
3.how to add virus exceptions based on threat ID , because we don't see any database unless we specify the threat ID
4.What is Log container page only in URL filtering
With this box checked g only the URLs that match the content type that is specified are logged .This feature is meant to reduce the number of logs that are generated (mostly images and other code that you may not find useful). If, however, you do want everything logged, simply disable container page logging.
how to change the web time out for palo alto firewall
Device > Setup > Management>Authentication Settings>Idle Timeout
5.Differnece between config and commit locks
Config lock—Blocks other administrators from making changes to the configuration. This type of lock can be set globally or for a virtual system. It can be removed only by the administrator who set it or by a superuser on the system.
Commit Lock—Blocks other administrators from committing changes until all of the locks have been released. This type of lock prevents collisions that can occur when two administrators are making changes at the same time and the first administrator finishes and commits changes before the second administrator has finished. The lock is released when the current changes are committed by the administrator who applied the lock, or it can be released manually.
P.S: Most of these answers are excerpt from the Admin Guide or the Help (?) Menu in the WebUI
Regards,
Ameya
Ameya
02-18-2013 02:49 AM
Hi,
Thanks for the answer.
What is the default limit of rollbacks.
Please let me know if we can change the number of rollbacks limit.
Thanks Raju Reddy
02-18-2013 04:21 AM
You can rollback to around 99th config version from the running config version.This limit cannot be changed.
Regards,
Ameya
-Ameya
02-18-2013 04:25 AM
But we are able to load the configuration versions for more than 1000?
I suppose PAN has something called as config versions instead of rollbacks and this can be close to 65000.
THanks,
Srikanth
02-18-2013 04:36 PM
Hello Srikanth,Raju,
I stand corrected.
Maximum number of saved config version is 1048576 ,default being 100.
This setting can be changed from the following section :
Logging and Reporting Settings
Number of Versions for Config Audit
Enter the number of configuration audit versions to save before discarding the oldest ones (default 100).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
