About Chatri

Just running the command on the Active device should be enough and it should ideally not affect the traffic as device server is a module that belongs to the management plane. ... View more

Detector threat pool is responsible for correlating the pattern matches ( on traffic that has been decoded by the content engine of the FW) and the action set. This is in a nut shell is responsible for alerting on any matched threat signatures. ... View more

Actually to increase the application timeout, you may browse to the OBJECTS tab in the GUI>>>>> APPLICATIONS>>>>>search for FTP and then customize the application idle timeout. This should help you achieve what you are trying to achieve. ... View more

Have you tried disabling all sorts of probes and enable 'server session read'  ? That way the PCs will directly not be probed but the DC's server logs will be checked for open socket sessions any domain PCs has ( log on and log off will be seen). So . essentially we should still be able to dynamically monitor the user to IP enumeration without probing the PCs directly. ... View more

Hello, Following document although does not talk about the working, it talks about the set up scenarios or deployment scenarios of the Vwire mode. I shall keep trying to find the requested detailed document that would walk you through the working of NAT and other L3 capabilities in Vwire https://live.paloaltonetworks.com/docs/DOC-2561 ... View more

Hello Wolfrene, PA is using a combination of the category of the URL, Known CVE IDs that may be associated with a domain. The Palo Alto content team constantly keeps monitoring and reevaluating the malicious or benign nature of such URLs. The best way to get a domain clean that has been categorized as Malware is to have a TAC case opened up with pcaps of the threat traffic ( this can be done by enabling pcap on the threat profile that triggered this threat log), screen shot of the threat log and the tech support file. The TAC will have this domain re-evaluated by the Content team and if changes are made to this threat signature then push the change with the next content release. ... View more

I hope I have understood your question correctly, You want to balance traffic coming in to a Firewall between a vwire internet link and a L3 internet link. A Wire Interface will put all the traffic that is received on it on the second Vwire interface that is part of that 'VWIRE'. There wont be any routing decisions made on it with respect to balancing the LOAD. It will not be possible to split traffic between a Vwire interface and an L3 interface. ... View more

A good idea will also be to see if there are any other third party VPN client that is installed on the PC. Also, Do the routes get installed ? Does the IPconfig look fine after connecting? ... View more

Is the login attempt successful. Can you verify in the authd.log whether the log in was successful? Also, in the user mapping tab under device>>>user-identification... Is there any networks specified under 'Include/exclude' networks? I have seen issues where the include and exclude networks causes the issue. You could just try adding 0.0.0.0/0 in the include networks...just to see if that changes anything. Regards. ... View more

Following document should be able to help you set it up. https://live.paloaltonetworks.com/docs/DOC-4791 ... View more

PA firewall cannot act as a web proxy. So, like just like an explicit proxy the Palo Alto will not be able to cache web pages. But just like an explicit proxy the PA can act as a dns proxy. To be straight, the Palo Alto will not not be able to do all that an explicit Proxy does. ... View more