About _slv_

I think that the best for You will be creation in Device >Scheduled log export profiles that will export log using ftp/scp and observing in your environment. My daily traffic log file is about 250MB, other logs are about couple of MB. Think twice that every your  security policy should have logging enabled or not or logged on session start or maybe only on session end. With regards SLawek ... View more

From PAN 5.0.10 fixes log: 57816—Groups were not displayed in the Allow List dropdown selection of an Authentication Profile. This was due to changes made for an issue addressed in PAN- OS 5.0.7 (49237). This issue has been fixed so that groups are displayed in the Allow List dropdown selection of an Authentication Profile for single-vsys devices. Maybe it will be usefull for You Regards SLawek ... View more

From PAN 5.0.10  fixes log: 57816—Groups were not displayed in the Allow List dropdown selection of an Authentication Profile. This was due to changes made for an issue addressed in PAN- OS 5.0.7 (49237). This issue has been fixed so that groups are displayed in the Allow List dropdown selection of an Authentication Profile for single-vsys devices. Regards SLawek ... View more

Please take a look into PAN 5.0.10 fixes: 57763—When WildFire Action was configured as "default(Block)" in Antivirus profile, block action didn't take effect as the default action was not configured internally. The workaround is to configure WildFire Action as "Block" instead of "default(Block)". Probalby your device didn't block any of the file... Regards SLawek ... View more

Hi Tasonibre AD1. I changed my both CP policies (from WiFi to untrust and WiFi to DMZ_wew) from "default" to http and https When  I try to open http webpage (doesn't matter it's from DMZ or Untrust) it's working prefectly and webbrowser i redirected to CP. When I try to open https://paloaltonetworks.com I get "The connection was reset  The connection to the server was reset while the page was loading." - that's OK - I didn't authorise my session. I have problem when I try to open https://mywebpage.com (served from DMZ_wew) - the webpage is loading without any problems . Where is my problem? I'd like to stop https traffic to DMZ_wew zone in the same way as to Untrust. I need clarification according to same zone traffic. Should I add security policy allowinf same zone traffic or it's not nesssary? Regards Slawek ... View more

Hi Vince According to Excel specifications and limits - Excel - Office.com 65000 limitation is for .xls file (for Office XP and older). Nevers version (.xlsm) has Worksheet size 1,048,576 rows by 16,384 columns. Regards Slawek ... View more

I have few case open related to reports. Support recomendate to use 5.0.9 for troubles with reports. Slawek ... View more

Craig, are You sure that in traffic logs are data from system log? From CLI admin@PA> scp export log > data       data > threat     threat > traffic    traffic > url        url > wildfire   wildfire ^^^^ this is the same like from GUI. SLawek ... View more

Hi Craig Is this only possibility to do this? I prefer to use scheduler or CLI. Anyway thank You so much, I missed this option. Regards Slawek ... View more

Hi I can't help you, but I have related question. How to export system log? It's impossible using Scheduled log export. Isthere any other way to export it CSV or any other format? With regards SLawek ... View more

Hi Tasonibare Sorry for my english ... Q1: Yes, my captive portal policy is configured to only CP traffic going to Moodle_zew and WWW_zew destinations. I did it for testing purposes. Today I changed it to any and I got strange for me situation. From VM Linux workstation (the same I used earlier) from WiFi network I CAN open webpage of Moogle (using it public address) by HTTPS without redirecting to CP, when I put in browser HTTP adress I get CP login page. Q2: Correct, I know it - but I;d like to someone confirm it for me too. My policies looks like: "WiFi 1" and "WiFi 2" should block traffic between this two networks, and it did. I don't understand what is going with same zone traffic. Before I add policy "WiFi to WiFi" my VM get dhcp responce from server.  I try to "catch" traffic from CLI. I disconnected VM and connected again and immediately I launched from CLI: admin@PA-200> show session all filter source 192.168.30.32 -------------------------------------------------------------------------------- ID      Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port]) Vsys                                      Dst[Dport]/Zone (translated IP[Port]) -------------------------------------------------------------------------------- 9315    dns            ACTIVE  FLOW       192.168.30.32[49409]/WiFi/17  (192.168.30.32[49409]) vsys1                                     192.168.30.1[53]/WiFi  (192.168.30.1[53]) 11517   web-browsing   ACTIVE  FLOW  NS   192.168.30.32[36821]/WiFi/6  (94.124.14.143[13414]) vsys1                                     94.124.11.170[80]/untrust  (94.124.11.170[80]) 40928   ssl            ACTIVE  FLOW  ND   192.168.30.32[40159]/WiFi/6  (192.168.30.32[40159]) vsys1                                     192.168.110.1[6082]/captive-portal  (127.3.1.1[6185]) but here isn't dhcp traffic . In system log is a entry "'DHCP lease started ip 192.168.30.32 --> mac 00:50:56:aa:62:85, interface ethernet1/4.3'" but this traffic doesn't hit  "WiFi to WiFi" policy (I have log at session end enabled). With Regards Slawek ... View more

voted by me! I hope that it will be in PAN 6.0.x ... View more

Or You can use onlie tool http://www.sslshopper.com/ssl-checker.html Regards SLawek ... View more

Please take a look in topic User Groups Seen as Users in Security Policy and new users added to that group are not getting identified. > debug user-id reset group-mapping all  (intrusive command) This command will query the active directory server to re-build the user-group mappings from scratch. Regards Slawek ... View more