About mikand

mikand · ‎08-30-2013

Set all categories in url-filtering to "alert" and they should start showing up in your log and you can by that see which CDN was requested by the client. Usually the requests looks something like www.example.com.cdn.akamai.com

mikand · ‎08-30-2013

The point of the untrust cert is that when PA device fails to setup a proper ssl between itself and the server when using ssl termination there is no way to notify the client about this. So by choosing the untrust towards the client the client will know its bad if the client continue this session. My advice would be to use two different certs, one for trusted and one for untrusted and place that trusted cert as trusted CA in your browser and the other untrusted cert as untrusted / blacklisted CA in your browser.

mikand · ‎08-30-2013

Perhaps to identify the problem but having to have replay-protection turned off for your vpn-tunnels is just bad...

mikand · ‎08-30-2013

Yeah I prefer reversed order as in the forum itself - that is newest advisory should be at top.

mikand · ‎08-27-2013

I never thought of this but is this also true for if you reboot the PA device and what if you update the PANOS version (or for that matter returns to previous version where you had an expired threatdb available)?

mikand · ‎08-27-2013

Also isnt Chrome picky about if the cert for google services has been altered (similar to how windowsupdate functions)? On the other hand if this was the case then it shouldnt worked half of the tries :smileysilly:

mikand · ‎08-26-2013

Hi all! Got a few question related to Panorama which I hope you can help me with? 1) Whats the FR id regarding having Panorama to be able to forward received logs? That is PA-device -> Panorama -> SEIM/Syslogarchive. 2) For which version is this feature expected to show up, and any ETA for when we will see this version available in the download section (that is version and date)? 3) If you log towards an ArcSight installation you can use the CEF-format in the PA-devices. However the CEF format has an overhead of approx 220 bytes (or so) per msg. Which gives that during a burst of say 100.000 msgs/sec the overhead is approx 176 Mbit/s on the line. Do there exist a more efficient way of transmitting logs from PA to ArcSight other than CEF? I mean did PA (or HP?) create a custom flexconnector or such to read native format of PA or is CEF the only available option unless I want to create a flexconnector on my own? 4) Speaking of CEF, any ETA (version and date) for when we will see panos version as a variable?

mikand · ‎08-26-2013

Say good bye to the Y2K problem, say hello to Mr 2031 😃

mikand · ‎08-26-2013

I guess you will have to notify the appid team about this in case they missed it.

mikand · ‎08-26-2013

Do you have userid setup, that is if your PA-3020 is trying to reach some AD machine?

mikand · ‎08-22-2013

As far as I know the DLP stuff in PA never buffers the entire file. It only looks within the stream and if something bad is found the session is killed. Same goes with the antivirus feature of PaloAlto (which is both good and bad). Only case of buffering is for wildfire when the PA will copy the stream from the dataplane into the mgmtplane and then, once the full file has arrived, the file will be uploaded to the wildfire boxes (either in the cloud or locally if you use WF-500 boxes). That is when using wildfire the first client will get infected (or at least get the file) but next client who tries to download the same file should be blocked if the wildfire managed to identify the file as a bad one and push out the signatures to identify this bad file.

mikand · ‎08-22-2013

In general terms, what would be the difference of getting a 3rd party support vs. support straight from PA? Looks like several pages here at support.paloaltonetworks.com is not accessible when 3rd party support is being used.

mikand · ‎08-22-2013

Well you can have 225 VSYS on the PA-5000 series so at least 226 concurrent admins should be possible (one per VSYS + at least one superadmin).

mikand · ‎08-22-2013

Doesnt the chrome plugin found in devcenter display interface statistics?

mikand · ‎08-19-2013

Being "sluggish" sounds more like a routing issue or mismatched speed/duplex for one or more interfaces of your PA (which results in retransmits, lost packets etc).

Member Since	‎03-30-2010 08:39 AM
Date Last Visited
Posts	1,446
Total Likes Received	496

About mikand

Re: What is your experience of using site-to-site VPN with PA devices and how is the performance?

Re: Azure VPN Tunnel configuration MTU adjustment

Re: What the different between 'count' and 'repeat count' in the report?

Re: HA Cluster different transceiver type on each firewall

What is your experience of using site-to-site VPN with PA devices and how is the performance?

What tunnel options do you have for site-to-site using PA devices?

Re: PAN response to: Attacking Next-Generation Firewalls: Breaking PAN-OS ?

Re: PAN response to: Attacking Next-Generation Firewalls: Breaking PAN-OS ?

Re: PAN response to: Attacking Next-Generation Firewalls: Breaking PAN-OS ?

Re: PAN response to: Attacking Next-Generation Firewalls: Breaking PAN-OS ?

PAN response to: Attacking Next-Generation Firewalls: Breaking PAN-OS ?

Re: Feature Request

Re: When should I use a non-tunnel mode gateway with GlobalProtect? Also: license needed for HIP? SSL vs. IPSEC?

Re: Pc does not join into Domain

Re: Overcoming an application filter and url groups

Re: Encrypted and Zipped files with virus in it

Re: Akami in log files as actual destination requested

Re: SSL Decryption - warnings during commit

Re: IPSec VPN restarts very often

Re: Security Advisory Listings

Re: What happens if threat and antivirus licenses expire?

Re: Can't block Gmail file upload

A few Panorama-questions

Re: Who can beat this number ...?

Re: TeamSpeak 3.x not recognized by App-ID

Re: Management inteface send packet port 137 to broadcast public IP

Re: Detecting Data Patterns in Large Files

Re: Product Support

Re: Maximum number of FW admin sessions

Re: Interface Statistics?

Re: telnet with EBCDIC encoding

Unlock your full community experience!

About mikand