About kadak

Hello Cheon, Yes, you are right. Since you have configured 'any' file type in file blocking profile you would get a data-filtering log as 'forward' for all file downloads - atleast.  PE is just a file format category which includes file types with extensions exe,zip..etc If an AV profile is not enabled on a firewall policy for an existing session, the file is streamed from dataplane to management plane for Wildfire processing. That file is  then received by the end user and buffered by the management plane. If the file is signed by a trusted signer, the file download gets logged in the data-filtering logs with action set to 'forward' and no entry is logged in wildfire web portal. If the file is not signed by the trusted signer, then the management plane creates a hash of file to send it to the Wildfire cloud to run a check against existing signatures in the database. From there on, depending upon whether the hash match exists in the database or not, the corresponding data-filtering log gets marked as 'wildfire-upload-skip' or 'wildfire-upload-success'. Hope that addresses your concern! Thanks and regards, Kunal Adak ... View more

Hello JRussell, For a particular file name (lets say if it includes .avi in your case), the template would look as: The above template would only generate a report for AVI files downloaded. Thanks and regards, Kunal Adak ... View more

Hello JRussell, You can create a custom report based on data filtering logs under Monitor > PDF reports > Manage Customer reports. The columns I included: Threat/ Content name, Repeat Count, Source address, Filename, Direction and Subtype. A  sample report for the above template would come out as: You can also export the report in PDF/CSV or XML format Hope that helps! Thanks and regards, Kunal Adak ... View more

Hello ZongguoWei, >debug user-id refresh group-mapping all  (non-intrusive command) This command will only fetch the delta/ difference value from the active directory > debug user-id reset group-mapping all  (intrusive command) This command will query the active directory server to re-build the user-group mappings from scratch. How the does the reverse lookup work ? I mean do the groups show up when do a lookup for a username? The command you would use to do that would be: > show user user-IDs match-user jdoe Thanks and regards, Kunal Adak ... View more

Hello CHammock, Currently, the only way to create reports based on http-application is via GUI under Monitor > Reports > Application reports > HTTP applications. For the report to be on-demand (real-time), you click on the dates below (only one date at a time) and then export the report in PDF/CSV XML format. Also, you can schedule the same report under Report Groups where everyday you get the same report emailed. That report will be bases on last-calender-day's data. Hope that addresses your concern some extent. Thanks and regards, Kunal Adak ... View more

Hello adcar76, Some articles talking about offloading and L7 inspection: When are Sessions Offloaded? What Does "layer 7 processing : completed" Mean in the Session Information? Is that something you are looking for? Thanks and regards, Kunal Adak ... View more

Hello Harkently, What content version is your PAN firewall running on ? Regards, Kunal Adak ... View more

Hello ZongguoWei, If you don't have many user-groups, could you please provide me the output for > show user group list > show user group-mapping state all Thanks and regards, Kunal Adak ... View more

Hello Slawek, Since according to applipedia, SMTP and POP3 are not incorporating SSL ports like 995 and 465, you can write a separate rule to include smtp and pop3 and have service as 'any'  instead of application-default. In that way, you can make sure that your other applications ftp, dns and web-browsing are still riding on their default ports while allowing SMTP and POP3 on all ports. Hope that helps. Thanks and regards, Kunal Adak ... View more