About emr_1

Hi, Are you talking about this document? Regards, ... View more

I confirmed with my PA-5020. Both 4.1.10 and 4.1.12 would not show me sub-interface. I'm not sure this is bug or not. You should open a case and ask PAN selecting sub-interface for pcap is new feature from 5.0 or not. Regards, ... View more

Hmm...I'm using v5.0.4. How about your box? ... View more

Hi Do you mean you can't select your ethernet1/6.40 on your filtering configuration? I could select my sub-interface on my box from either CLI or GUI. > debug dataplane packet-diag set filter match ingress-interface ?   ethernet1/1     ethernet1/1   ethernet1/2     ethernet1/2   ethernet1/2.1   ethernet1/2.1   ethernet1/3     ethernet1/3   ethernet1/4     ethernet1/4   loopback        loopback   loopback.1      loopback.1   tunnel          tunnel   tunnel.1        tunnel.1   tunnel.2        tunnel.2   vlan            vlan   <value>         Ingress hardware interface name ... View more

You can use Threat ID instead. If you click threat Name, you can see threat detail. This window contain threat ID. You can use this as follow: (threatid eq xxxxx) Regards, ... View more

Hi, Usually, PA uses own MGT port as a source port. Are you connecting MGT port to your network and is it reachable from MGT to Win2003? My PA-200 with 5.0.4 is working fine for Dynamic Block List. Regards, Emr ... View more

I think this only works with URL filtering log. Are you trying to parse in traffic log? Regards, ... View more

You can choose profile even you run 4.1 The following doc might help you. How to Tune IPS in PAN-OS 4.1 This also might help you. Regards, Emr ... View more

Hi Phil, Sounds PANOS 5.0 would be nice for you. The detail of threat log looks as below on 5.0.4. You can select profile and also you can use Exempt IP address (this is new from 5.0) Regards, Emr ... View more

Hello, Continue action only works with browser-based traffic, and some of the traffic does not allow you to click continue button. Hence you have to make either : (1)new security rule with forward only action just for the traffics you can't use continue-and-forward (2)just change current fileblocking profile with action 'forward' Regards, ... View more

The following logs are output of debug related to the operation which read-only superuser is trying to view the report. (NOTE: this is in v5.0.3) <request cmd="op" complete="/operations/download/report/predefined/scope/entry[@name='shared']/report-name/entry[@name='top-url-categories']/file-name" cookie="0890887635970713"/> <response status="error"><msg><line>Not authorized for scope shared</line></msg></response> It looks like you have no permission. Because you can't select read-only rights in admin role editor for each report, I might able to guess two thoughts. One is that this result is expected behavior and better result should be not showing report name as 'disable' rights does, another is a bug. For workaround, I agree with jfitz-gerald, you should use admin role with 'enable' rights for reports. Regards, ... View more

Hi, You can edit File Blocking Profile under Objects tab, it's not AV or AS profiles. You can specify application to apply File Blocking in Profile. OR You can completely separate security rule that currently blocking exchange server traffic. New security rule is just for mail traffic with no File Blocking Profile on it. Regards, ... View more