About ppatel

Hi Manfred, Thanks for letting us know about the Exploit not getting detected. I would like you to do is open up a support ticket with Palo Alto Networks via Web. Submit all the relevant details regarding the virus, along with the packet captures from the test host when you go ahead and download the link. We do have a lot of Adobe vulnerabilities covered and it might be possible we would have missed one. Here is the link that contains the list that you woudl be required to submit while opening the support ticket.(According to relevance) https://live.paloaltonetworks.com/docs/DOC-2769  (The link is to submit false positives but these information also helps our content team modify or add signatures to the existing Database.) Essential details: >show system info >trafic logs >packet capture from the host when you download PDF Regards, Parth ... View more

Hi Mark, Incomplete means that either the three way tcp handshake did NOT complete or the three way tcp handshake did complete but there was no data after the handshake to identify the application. In other words that traffic you are seeing is not really an application. So to explain a little clearer, if a client sends a server a syn and the paloalto device creates a session for that syn, but the server never sends a syn ack in response back to the client, then that session would be seen as incomplete. Also, this may caused due to incorrect Rule setup. Your NAT rule appears to be fine, the only change you need to make is in your security rule:- Destination Address: Public Ip-address After this change you should be able to get it working. Let me know if that helps. Regards, Parth ... View more

Hi Ryan, Here is the link on how to configure IPSEC VPN. the document will may be presented in 3-1.x or 4-.0.x release but the steps are similar, only the User interface changes a little while setting it up. https://live.paloaltonetworks.com/docs/DOC-1163 For SSL VPN , Please go to the following link:- https://live.paloaltonetworks.com/docs/DOC-1157 Regards, Parth ... View more

Hi Kalyan, For any issues related to design, feature request, licenseing for the product please contact the Reseller from whom you purchased the device (as a first point of contact) or Palo Alto Networks Sales Engineering Team if you bought the device directly from us. If you donot happen to know your Regional sales Engineer, please get in touch with our sales Team at the follwoing E-mail. Sales Inquiries US and North America: contact_sales@paloaltonetworks.com Regards, Parth ... View more

Hi Kal. As far as I know, currently there is no way we can do log forwardign for Alarm Logs on to a syslog server. You can enable CLI and Web alarm notifications though. Device--> Log Settings -->Alarms The syslog server profile also does not have the way to forward logs to syslog. Also per the admin guide 4.0, You can view the current list of alarms at any time by clicking the Alarms icon in thelower right corner of the web interface. This opens a window that lists the unacknowledgedand acknowledged alarms in the current alarms log. To acknowledge alarms, select theircheck boxes and click Acknowledge. This action moves the alarms to the AcknowledgeAlarms list. The alarms window also includes paging, column sort, and refresh controls Regards, Parth ... View more

Hi, I did a quick test on my Palo Alto device and found the same results. I created a the following rule set:- 1) Name:- Test Rule 1:-  From Trust, DMZ  to Untrust,   Allow: facebook-chat,facebook-base and jabber 2) Name:- Test Rule 2 :-  From Trust to Untrust,   Allow: web browsing , ssl 3) Name:- Test Rule 3 :-  From DMZ to Untrust,   Allow: web browsing , ssl The commit will show us the dependency warning as you see in your case. I guess since you have created a rule 1 to include  2 source zones in the single rule to allow facebook base,facebook-chat jabber the dependency rule should also include the same 2 source zones. I do understand your purpose of addidng 2 differnt URL filtering profiles to the two dependency rules. This can be acheived without any dependency warnings by the following rule  Set:- 1) Name:- Exclude_Applications:- From Manage-zone to Any zone with TMG-Manage-Source address Allow facebook base-chat-mail-posting,dropbox etc 2) Name:- Exclude_Applications -2 :- From -Zone to Any zone with  TMG-Source address Allow facebook base-chat-mail-posting,dropbox etc 3) Name:- Manage Application Control (No change to that rule) 4)Internet_Manage:- From Manage-zone to Any zone with TMG-Manage-Source address Allow ssl, web-browsing (Add-URL category- 1) 5)YVC_Application Control:- From -Zone to Any zone with TMG-Source address Allow ssl,web-browsing (Add-URL category-2) You would not be seeing the warnings now. Let me know once you configure it and if that helps. Regards, Parth ... View more

Hi, Here is the document that gives step by step instructions on how to redistribute Static Route via OSPF https://live.paloaltonetworks.com/docs/DOC-2923#cf Regards, Parth ... View more

Hi David, Software Version 4-0-11 was out April 11, 2012. If you get a chance please upgrade to that version if NOT already to get rid of the Software Pools depletion bug . Regards, Parth ... View more

Hi Dan, Yes, it can be high management causing the prompt to delay. Check the output for the following CLI comand:- >show system resources follow Look for the swap usage and also the the following processes:- mgmtsrv devsrv Regards, Parth ... View more

Hi Alex, Do you mean downloading the installer or the downloads managed by jdownloader.? If you want ot manage downloading the installer, it should be an exe file , which you can handle through File blocking profiles and set appropriate actions and applying to specific rules. We currently do not have the jdownloader as an application in our App database. Regards, Parth ... View more

Hi, For any issues related to design, feature request, licenseing for the product please contact the Reseller from whom you purchased the device (as a first point of contact) or Palo Alto Networks Sales Engineering Team if you bought the device directly from us. If you donot happen to know your sales Engineer, please get in touch with our sales Team at the follwoing E-mail. Sales Inquiries US and North America: contact_sales@paloaltonetworks.com Regards, Parth ... View more

Hi , Here are the step by step instructions on how to do that. I would be doing a brief write up and posting an article shortly along with this screenshot for this configuration. 1) Create static route under VR routing table >Go to Network---->VR >Click Default-VR---> General Tab (Add any static route needed) 2) Create Redistribution Profile Under Network---->VR----> Default ---> Redistribution Profiles Tab ---> Click Add >Configure profile name >Enter Priority >Select the filter type as “Static” >Check "Redistribute" box under Action >Click Ok >Use metric 10 or above, lower the number the higher the priority 3) Create Export Rule under OSPF router configuration Go to Network---->VR----> Default > Click on OSPF Tab >Click "Add" under export Rules >Specify Name of redistribution Profile per step 2 >Specify Path Type---> and click okay Note: New Path Type configuration ext-1 or ext-2 will both work. 4) Commit the changes that were done on the device. Note: Once steps 1 thru 4 have been completed, any new static route created will automatically get redistributed via ospf. Regards, Parth ... View more