This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About kadak

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
kadak
‎03-08-2024
since ‎11-07-2011
L5 Sessionator
User Activity
User Profile
Latest posts by kadak
View All
My Liked Posts
View All
User Badges
Community Statistics
Member Since ‎11-07-2011 07:38 AM
Date Last Visited ‎03-08-2024 01:53 PM
Posts 259
Total Likes Received 129

Re: Special Character in domain name

by in General Topics
‎06-25-2014 09:47 AM
‎06-25-2014 09:47 AM
Hello lauro7, The special characters not getting handled appropriately was a known issue is fixed in 6.0.3. You can verify the release notes of it as well by 62763 Above is an excerpt from 6.0.3 PAN-OS release notes. Hope that helps! Thanks and regards, Kunal Adak ... View more

Re: websense webfilter as proxy

by in General Topics
‎06-25-2014 09:17 AM
1 Kudo
‎06-25-2014 09:17 AM
1 Kudo
Hello Javith, Palo Alto Networks does not integrate with Websense. It uses either Brightcloud or proprietary PanDB, for looking up the categories. PANFWs do not send out any Websense Integrated Service Protocol traffic.  Please switch to either Brightcloud or PanDB, if you want the Palo Alto firewalls to perform any URL filtering. But, you can definitely run Websense in front of PAN.  You'd just have to have your users browsers setup to point to the Websense proxy (use AD for an IE environment), or by some other means route the browser traffic to the Websense proxy (maybe PBR).  Then your PAN rule would allow the proxy to make outbound web connections and deny other sources so that the proxy isn't bypassed. Hope that helps! Thanks and regards, Kunal Adak ... View more

Re: Curious: How are people doing User-ID?

by in General Topics
‎06-23-2014 01:47 PM
‎06-23-2014 01:47 PM
Hello matt.rosloniec@amway.com, This document will get you started: User-ID Best Practices - PAN-OS 5.0, 6.0 Hope that helps! Thanks and regards, Kunal Adak ... View more

Re: Download Palo Alto Software 2020

by in General Topics
‎06-23-2014 01:44 PM
‎06-23-2014 01:44 PM
Hello Tee, When you login into support portal, the following gives the link to download software for 2K platform: https://support.paloaltonetworks.com/Updates/SoftwareUpdates/245 Or if your Pa-2020 has an internet connection, then: How to Upgrade PAN-OS on a Palo Alto Networks Device Hope that helps! Thanks and regards, Kunal Adak ... View more

Re: Deny a specific file from being uploaded into Wildfire?

by in General Topics
‎06-20-2014 01:16 PM
‎06-20-2014 01:16 PM
Hello genep, If you know the source IP address of the file, you can create a security rule on top of the existing rule with a that IP address configured in it and NOT associate any file blocking profile to it. Hope that helps! Thanks and regards, Kunal Adak ... View more

Re: PAN Active/Active Virtual IP?

by in General Topics
‎06-20-2014 09:41 AM
‎06-20-2014 09:41 AM
Hello msmid, In Layer3, we support 2 modes of operation : Floating IP and ARP load sharing. Floating IP: Supports multiple VIPs per gateway and these can be used by hosts in the network as gateway. If failover occurs, gratuitous ARP is sent out by the functional device. Once device recovers, floating IP and VMAC will move back to the original device. ARP load sharing: A VIP is shared among the HA peers, but each with their individual VMAC. The device that responds to the ARP request is determined by computing a hash or modulo of the source IP address of the ARP request. If link or device failure, floating IP and VMAC moves over to the functional device. Gratuitous ARP is sent out by the functional device. Hope that helps! Thanks and regards, Kunal Adak ... View more

Re: PA Ipsec 2/3 phase 2 coming up only

by in General Topics
‎06-20-2014 08:55 AM
‎06-20-2014 08:55 AM
Hello JRussell, On the Palo Alto firewall, you monitor ikemgr.log while phase-2 is negotiating. For that you would need to setup the ike daemon to 'debug' level and tail follow the log. > debug ike global on debug (make sure you give this command twice to make sure that the daemon logging is set at debug level rather than info level ) ************************************** > debug ike global on debug sw.ikedaemon.debug.global: normal > debug ike global on debug sw.ikedaemon.debug.global: debug ************************************** Once that is done, you can execute the following command: > tail follow yes mp-log ikemgr.log 2014-06-19 14:34:16.194 -0500 ikemgr: panike_daemon phase 1 finished with status 1 2014-06-19 14:34:22.829 -0500 ikemgr: panike_daemon phase 2 started 2014-06-19 14:34:22.829 -0500 pan IKE cfg phase-2 triggered. 2014-06-19 14:34:22.829 -0500 pan IKE cfg phase-2 triggered when not necessary, skipped. 2014-06-19 14:34:22.829 -0500 ikemgr: panike_daemon phase 2 finished 2014-06-20 10:51:19 [INFO]: panike_debug_level_cb 4 => 5 2014-06-20 10:51:20.603 -0500 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: debug_level 2014-06-20 10:51:20.603 -0500 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 1 . , . . and so forth.... To turn off the debugging: > debug ike global on normal sw.ikedaemon.debug.global: debug The following document helps troubleshooting VPN scenarios: How to Troubleshoot VPN Connectivity Issues Hope that gets your started! Thanks and regards, Kunal Adak ... View more

Re: URL Filter (BrightCloud) Categorizing Many Sites as Adult

by in General Topics
‎06-19-2014 11:46 AM
‎06-19-2014 11:46 AM
Hello mario11584, Yes, you are right! We wouldn't know which website is getting mis-categorized on the fly. We actually have to wait for a legitimate website to get blocked and then add it manually to the URL custom category. Thanks and regards, Kunal Adak ... View more

Re: Webserver on Network, Need support references on how the PA devices can help secure your network

by in General Topics
‎06-19-2014 11:43 AM
‎06-19-2014 11:43 AM
Hello, You can start configuring policies for your web server to protect from Denial of Server Attacks: How to protect web-server using DOS policy Not to forget, that you an apply AV, anti-spyware and vulnerability profiles to the security rule which is responsible for allowing traffic. Plus, you granularize your security rule based on allowed applications only. Threat Prevention Deployment Tech Note (page 18-28) Hope that helps! Thanks and regards, Kunal Adak ... View more

Re: URL Filter (BrightCloud) Categorizing Many Sites as Adult

by in General Topics
‎06-19-2014 09:40 AM
‎06-19-2014 09:40 AM
Hello mario11584, You can also create a custom category, include all the false positives into that and set the action on that custom category to to be 'alert' and 'allow'. In this way are you re-categorzing cliffhousegp.com to 'Allow false positive' URL category from ' Adult' category. Hope that helps! Thanks and regards, Kunal Adak ... View more

Re: DNS Servers - can you set 3?

by in General Topics
‎06-19-2014 09:31 AM
‎06-19-2014 09:31 AM
Hello networkadmin, Currently there is a limitation on the firewall to configure only two DNS servers. However, I see a feature request (FR ID : 2569) submitted to our content development team for the PAN to have the capability to add Tertiary and Quaternary DNS servers as well. You can request your account's sales engineer to vote for it so that we can include it in our future software releases as soon as possible Hope that helps! Thanks and regards, Kunal Adak ... View more

Re: URL Filter (BrightCloud) Categorizing Many Sites as Adult

by in General Topics
‎06-19-2014 09:25 AM
‎06-19-2014 09:25 AM
Hello mario11584, I did a URL lookup on brightcloud for both website and this is what I found: themes.creativemilk.net : Computer and Internet Info Business and Economy cliffhousegp.com : Adult and Pornography Till the time brightcloud re-categorizes them to correct categories, you can start adding the false positive URLs to the 'allow list' of the same URL filtering profile and make it work. The Allow list Section always take precedence over Category Section Hope that helps! Thanks and regards, Kunal Adak ... View more

Re: URL Filter (BrightCloud) Categorizing Many Sites as Adult

by in General Topics
‎06-19-2014 08:45 AM
‎06-19-2014 08:45 AM
Hello mario11584, Currently, Are we using PANDB or brightcloud as URL database? Can you give me an example of one legitimate website which is showing as 'adult-pornography' ? Thanks and regards, Kunal Adak ... View more

Re: About custom vulnerability signature

by in General Topics
‎06-17-2014 07:24 AM
‎06-17-2014 07:24 AM
Hello cheon, Your question would be best answered in the following community : DevCenter Thanks and regards, Kunal Adak ... View more

Re: Cisco SFP+ Twinax Copper Cables to PA-5050

by in General Topics
‎06-17-2014 07:13 AM
1 Kudo
‎06-17-2014 07:13 AM
1 Kudo
Hello santonic,   Following document should help you as it jots down all the SFP transceivers supported in conjunction with PAN firewalls Palo Alto Networks Hardware Accessories Cross Reference Including Transceivers (SFP Modules)   You can also contact your account's sales engineer to get more information on SFP+ compatibility with PAN firewalls.   Hope that helps!     Thanks and regards, Kunal Adak ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎03-08-2024 01:53 PM
Latest Tags
No tags yet
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks