This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About networkadmin

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
networkadmin
‎09-16-2017
since ‎02-12-2010
L4 Transporter
User Activity
User Profile
Latest posts by networkadmin
View All
My Liked Posts
View All
User Badges
Community Statistics
Member Since ‎02-12-2010 10:34 AM
Date Last Visited ‎09-16-2017 04:35 PM
Posts 242
Total Likes Received 16

arp/mac cache limits - any plans to increase them?

by in General Topics
‎05-27-2012 07:40 AM
‎05-27-2012 07:40 AM
Palo Alto seem to have the lowest arp/mac cache limits of any firewall I've ever come across. Are there any plans to increase the limits please? ... View more

SSL Forward Proxy - Best Practise?

by in General Topics
‎04-22-2012 04:36 AM
‎04-22-2012 04:36 AM
Can anyone point me to a document or some guidelines on current recommendations/best practise when using forward proxy please? I have the SSL certificate in place on my clients, my main target is SSL traffic to higher risk URL categories such as web based email and social networking sites. I'm currently running 4.0.9. Thanks. ... View more

Re: VLAN's with Palo Alto - Primer/Tutorial?

by in General Topics
‎04-19-2012 08:58 AM
‎04-19-2012 08:58 AM
rmonvon wrote: Hi...Please review Case 1 in this 'Securing Inter VLAN traffic' doc.  It has the configuration for multiple VLANs on one port. https://live.paloaltonetworks.com/docs/DOC-1618 Thanks. That looks absolutely spot on thank you. So in that scenario (Case 1) I wouldn't have any data going into the Palo Alto untagged on that interface, it would be a pure trunk port? Presumably on the Palo Alto I would only need to create sub-interfaces for any VLANs that I wanted the Palo Alto to handle and anything else on that trunk would just be ignored by the PAN? It looks like a 5 minute thing (plus changing the uplink from the switch from an access port to a trunk) so I'm suspicious as I assumed it would be more complicated than that? ... View more

VLAN's with Palo Alto - Primer/Tutorial?

by in General Topics
‎04-18-2012 02:02 PM
‎04-18-2012 02:02 PM
One of our switches has a couple of untagged connections into our PAN. Each connection is configured on the PAN as a regular L3 interface with an IP address assigned and the interface is in the appropriate zone. I'm interested in reclaiming one of the NICs on the PAN so it would be nice to be able to run a trunk from the switch to the PAN. Where I'm struggling a little is in making sense of the Admin Guide on how I do this - specifically how I tell the PAN that I have VLAN20 and VLAN30 coming into it, and I want to assign the PAN 192.168.1.254 on VLAN20 and .2.254 on VLAN30 and have the VLAN interfaces assigned to the zones that the L3 interfaces were in (as at this point I wouldn't be using those two L3 interfaces). I'm sure my terminology is a bit off for which I apologise, but hopefully I've explained what I'm looking to do - are there any example white papers or tutorials please? If there's any questions just ask. Thanks. ... View more

4.1 - How big of a jump from 4.0?

by in General Topics
‎11-11-2011 10:01 AM
‎11-11-2011 10:01 AM
We're currently running 3.1.10.  There is an issue we're encountering related to SSL decryption and URL filtering which we're waiting for 4.0.8 to come out and fix. I see 4.1 is now out so just when I thought we'd be running the latest PanOS, all of a sudden we aren't. How much of a leap is 4.1 from 4.0.x?  What is Palo Alto's recommended OS assuming you have no specific feature need that would dictate a certain version? Thanks ... View more

Re: Producing an application usage graph?

by in General Topics
‎10-28-2011 06:54 AM
‎10-28-2011 06:54 AM
Thanks, but that's not really what I'm looking for. The ACC is just a total for a period of time.  I'd prefer to be able to do some sort of graph, a little the one on Monitor/App Scope/Network Monitor but just for specific applications. ... View more

Producing an application usage graph?

by in General Topics
‎10-28-2011 06:48 AM
‎10-28-2011 06:48 AM
Is there a way to produce a graph of the usage of a particular application? Bytes or sessions would be acceptable, I just want to be able to show a rough usage trend over the course of a day/week. Thanks. ... View more

Re: VPN tunnel to Cisco ASA via GUI?

by in General Topics
‎09-08-2011 11:29 AM
‎09-08-2011 11:29 AM
Brilliant thanks Richard.  I would be grateful for any specific tips on any options in the PAN GUI that are unusual/specific to getting a tunnel up and running with the settings I listed. Thanks. ... View more

VPN tunnel to Cisco ASA via GUI?

by in General Topics
‎09-07-2011 10:01 AM
‎09-07-2011 10:01 AM
I need to setup a VPN tunnel with a Cisco device which we don't control or have any access to. The intention is that I can allow a group of IP addresses on our LAN to have access to resources on the other side of the tunnel. These are the settings that I've been given by the people who own/control the other side of the tunnel: Phase 1 ISAKMP Identification: IP Address ISKAMP Pre Share Key: <TBC via Phone or Secure Email do not include on this form> ISKAMP Lifetime: 86400 seconds ISKAMP Encryption: AES256 ISKAMP Authentication: Pre share key ISKAMP Hash: SHA DH Group: 2 NAT-T: Enabled IKE Negotiation Mode: Main Phase 2 IPSEC ESP Authentication: SHA IPSEC ESP Encryption: AES256 IPSEC SA Lifetime Kbytes: 4608000 IPSEC SA Lifetime Hrs: 8 Perfect Forward Secrecy: Yes Mode: Tunnel Connection Type: Bidirectional I'm pretty new to VPN tunnels.  Is there anything I need to know when trying to set this up on the PAN? My understanding is that ideally I would create a new zone called "CustomerX" and put the tunnel.x interface that I create into that zone so that I have to have a rule to allow any traffic to flow between our "trust" zone and the far side? Any info would be really appreciated and any questions or things I haven't mentioned, just ask. Thanks. ... View more

Exchange 2010 - Applications Required?

by in General Topics
‎08-14-2011 05:46 AM
‎08-14-2011 05:46 AM
We have a Palo Alto in front of an Exchange 2010 CAS server. The Palo Alto is in a back-to-back config with a "dumb" firewall in front of it that only allows port 443 inbound. The Palo Alto has the SSL cert from the Exchange box on it, so does SSL inspection on all the inbound traffic. My questions is, can anyone who has Exchange 2010 behind a Palo Alto confirm which apps I'd need to allow if I wanted to be a little smarter than simply allowing port 443 through as a service? If I drill down using App-ID into the destination IP, over the last 7 days these are the apps/sessions that I see: outlook-web     8,055 ms-exchange      6,678 msrpc      4,197 web-browsing 3,037 ssl      2,929 dns      224 rpc-over-http      37 webdav      29 unknown-tcp      25 insufficient-data      12 http-audio      10 http-proxy      2 Obviously many of those are expected, but equally some aren't. I'm concerned that unless the list of apps is absolutely correct people will start to find obscure pieces of access to Exchange/Outlook stop working. Thanks in advance. ... View more

Re: PA-500 Upgrade to 4.0.3

by in General Topics
‎06-25-2011 03:03 AM
‎06-25-2011 03:03 AM
It was suggested I allow around an hour when we do upgrade from 3.1.x.  Apparently you don't have to go to 4.0.1 first though.  You do need it downloaded as it's the base image, but you can install 4.0.3 (or whatever is the latest) and upgrade directly to that. ... View more

Re: PAN OS 3.1.9

by in General Topics
‎06-25-2011 03:01 AM
‎06-25-2011 03:01 AM
camkim_MDEA wrote: Running it for a week or two , so far so good. We ended up upgrading due to an issue where websites get classified as "unknown", rendering your filtering policies useless. Yeah I got caught by that too.  Great fun when you're demoing your filtering policies and "Look how it blocks porn sites" and oh look, actually it doesn't because the URL cache has corrupted :smileyshocked: ... View more

Re: Drive-By Protection?

by in General Topics
‎06-12-2011 06:29 AM
‎06-12-2011 06:29 AM
Thanks, that sounds like a feature I recall reading about. If anyone's using it I'd be interested to know if you think it's a worthwhile improvement and justifies going from 3.1.x to 4.0.x a little sooner than we perhaps would otherwise. ... View more

Re: Filtering On Multiple Brightcloud Categories

by in General Topics
‎06-12-2011 06:27 AM
‎06-12-2011 06:27 AM
dyang wrote: Hello, While BrightCloud provides a reputation score for URLs, the Palo Alto Networks URL filtering engine does not utilize this score in policy.  If this is a feature you'd like to see, please contact your SE to file a feature request. Hope this helps, Doris In that case, if a URL is in multiple categories, how dows the PAN "decide" which to apply an action on please? ... View more

Drive-By Protection?

by in General Topics
‎06-08-2011 12:44 PM
‎06-08-2011 12:44 PM
We're finding that there's a small amount of drive-by stuff, typically fake AV, that's making it past the content filtering, spyware filtering, and antivirus filtering in our Pan running 3.1.8. Are there any non-default settings that are recommended as, tbh, the antivirus/anti-spyware feature hardly ever seems to catch anything? Also I believe there's a drive-by protection feature in 4.x?  As I only have a single PAN I can't easily trial/test it out so could someone explain how the new features that tackle this work please? Thanks, Paul ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎09-16-2017 04:35 PM
Latest Tags
No tags yet
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks