About HULK

Hello Shayan, You can also verify the same information through ACC report. Go to ACC, select the time frame, sort by session, it will give you all application details, including more in depth information, like source IP address, country, zone, interface etc. For example: Thanks ... View more

As per my understanding, if you export the "device state" to you local machine, it will have the config which is local on the device. ... View more

Hello Armando, Please find below the link to download the migration tool. Firewall Migrations To access migration tool community, you need permission. If you don’t have enough  permission for migration tool community, you need to ask your local SE. You can download the tool in this community. Thanks ... View more

Hello Sir, It depends on the WMI probing interval that you have set in the UI Agent. If the user switch from wire connection to wifi connection the wmi probing should detect the new ip , but it would happen after a certain interval. Please go through below mentioned KB article for the same. User-ID Agent Setup Tips Hope this helps. Thanks ... View more

Hola Sir, Permítanme hacer una aclaración rápida. Usted está tratando de acceder a la interfaz gráfica de usuario del firewall PAN través de la interfaz de gestión y el momento en que entrar en interfaz gráfica de usuario web, disconneting ..? Si esta es la situación, ¿podría por favor intenta agregar un perfil de gestión con HTTPS / HTTP de acceso en una interfaz física (ejemplo: ethernet 1/1, 1/2, etc) y tratar de acceder a la interfaz gráfica de usuario. ¿Tiene usted algún problema para acceder a CLI ..? gracias ... View more

Hello Sir, Could you please check PAN firewall ACC report  and see if it is showing any country specific traffic. The reserved private IP address will not show any country name. An example given below: If you are able to see the country specific traffic here, then you should get the same information on the traffic map too. Thanks ... View more

Hello Sir, In the case of Deny rules, the traffic is denied immediately when it matches the criterion defined in the security policy so the start and end of the session should be the same. As such you'd be fine, just logging at the start of a Deny policy. You'd not have to wait for the FIN/ FIN ACK to determine the end of the session. So, for a deny rule (I.e. that it starts to deny at the moment the daytime allow rule is switched off by a schedule) will not be able to close/deny for an ongoing session, untill and unless you are applying a "commit force" command or enforcing "session rematch". So, as per my understanding the scheduler policy will be applied to a newly created session, nor for a running session through the PAN firewall. As per my understanding, most of the leading vendor firewall is working like this. ( Example- PAN, Juniper SRX). If you have any further questions or inquiries, please open a case with PAN support, we will help you to fulfill your requirements. Thanks Please mark as correct answer or helpful if appropriate. ... View more

Hello Sir, You could also try to apply below mentioned command to get detailed information i.e. Timestamp, lease, MAC address. show log system subtype equal dhcp start-time equal< time> show dhcp server lease ethernet1/4 show dhcp server lease all Hope this helps. Thanks ... View more

Hello Sir, I did a small test with IE to open WEBUI for PAN-FW management interface. It is working only with SSL 3.0 and TLS 1.0. Thanks ... View more

Yes, you are correct. ... View more

For FW- 5.0.8 : This is the preferred release, holding up well in the field and used by many customers. There are no major issues with it. Thanks ... View more

Hello Sir, Regarding DNS Sinkhole: This is a new feature, will be available on PAN-OS 6.0. This feature adds a new option to the anti-spyware profile, allowing an administrator to enable DNS sinkhole for DNS-based spyware signatures.  The user specifies the IPs to sinkhole to, and then the user can run reports on that IP to identify infected hosts.  The user can also set the address to the loopback address to effectively cut off the communication. The sinkhole action, just like the block action for DNS signatures, should be processed before the DNS proxy is processed.  Thus, the query never goes through the proxy and sinkhole records are not cached if DNS proxy caching is enabled. DNS Sinkhole allows administrators to quickly identify infected hosts on the network using DNS traffic.  Sinkhole DNS queries involve forging responses to select DNS queries so that clients on the network connect to a specified host rather than the actual host pointed to by DNS.  Infected hosts can then be identified from traffic logs and reports.  Any hosts that attempt to connect to the sinkholes host (assumed not to be contacted for any legitimate purpose) is infected with malware. Regarding DNS PROXY, please refer below mentioned documents: How to Configure DNS Proxy on a Palo Alto Networks Firewall about I hope above explanation will help you. Thanks ... View more