FTP Evasion Detection (id:30401)

Could anyone help to explain what this threat is?

FTP evasion detection (id:30401)

I found this threat in the log, also checked the logs in FTP server, but don't get it.

here is the log from the source IP of this threat in FTP server (Microsoft IIS FT

SSH Proxy Decryption issue

On the PA-440 firewall, I created a decryption policy for SSH Proxy (LAN to WAN zone). When I initiate an SSH session to the same firewall’s management IP (192.168.29.25), decryption does not occur, as seen in the traffic logs. However, when connecti

SCM management routing mode change failed

Hi,

I’m trying to manage PA-460 from SCM, but I still get error, even after a factory reset.

The firewall still disconnects and cannot complete bootsrap process, but SCM receive telemetry data.  I also try to change [routing mode] to advanced routing

How to configure pool.ntp.org or us.pool.ntp.org as ntp server

I configured them both using fqdn on the security policy with source as firewall management interface but ntp status shows rejected. How do I fix this. Please help

All services to the internet use management interface

DNS  configured 1.1.1.1 and 8.8.8.

NGFW Saas Azure Logging

I have deployed the NGFW in Azure in a vnet. We had to redeploy due to a spelling error now we cannot set up the logging . We enable logs and save to a log analytics workspace. Acts like it is going to save but does not . Error provided . Error readi

How to reboot a Palo Alto Networks device from a previous image from Maintenance Mode

We are planning to upgrade our PA-440s and I would like to know the procedure to reboot a Palo Alto Networks device from a previous image from Maintenance Mode incase of any issues.

Thanks in advance

We enable the virtual system on firewall and facing the "No Accessible virtual system"

We using vsys in firewall and found with "No accessible virtual system" appear in Policy as file attach and we wait for moment of time and problem is resolve by itself. This is bug of GUI or do you guys know what make this happen ? 

PS. All traffic

Unable to Ping Palo Alto Interface – Connectivity Appears One-Sided

We are working with a client who has a network setup where a Palo Alto firewall is connected to a Check Point firewall. The client reports that they are unable to ping the IP address of the Palo Alto firewall's interface ethernet1/8.

Troubleshooting S

Terminal server from a single IP address, the firewall cannot distinguish which user generated which traffic!

When multiple users access a terminal server from a single IP address, the firewall cannot distinguish which user generated which traffic. The firewall maps the IP address to only one user.

After research, I resolved this issue with TSA, but I want

Custom Report Query 질문

When I search for "name-of-treatid contains 'Command and Control'" in the Threat Log, I get logs that contain that string in the Threat ID/NAME field.

To save this log in PDF format, I selected only the desired fields from the Custom Report menu and

Audit Logs Not Showing Committed Versions

Hi Community,

We're currently experiencing an issue on our Palo Alto Networks 34xx Series firewall with Multi-VSYS enabled.

Issue:
The Audit Logs are only showing the backed-up versions rather than the committed versions. We are unable to track which

Intermittent IPSec Tunnel Monitoring Issue

We experienced an issue this morning , where the IPSec Tunnel Monitoring status went down for a few minutes before coming back up again. However, after checking the peer firewall, there were no signs of the tunnel going down, no related logs or statu

How to backup and restore from PA3220 to PA1420 for a Global Protect Portal & Gateway

Hi,

I have been doing researching for how to migrate from old palo alto firewall model to new. Seem like it will working if using configuration snapshot xml file from old model and restore on the new model and the old & new model is similar. Howeve

NPN Incident - Suggest a "software repository" URL Category?

Hi!

I've been investigating the NPN supply chain attack here, one strand of which was looking at servers who had fetched from the repository using URL filtering. Our servers _alert_ on "computers-and-internet-info" (which registry.npmjs.org is cate

URL Filtering: Categories for Suicide Promotion/Self-Harm Promotion

Hi!

Unless I've been dumb enough to miss them, the Palo Alto URL filtering database lacks a category for suicide/self-harm promotion sites. I've now been asked for a second time if we could block such sites. As a higher education institute, we're r