About bat

Sarun Each ID handle different type of traffic that can exploit this vulnerability and thus will be hit when that traffic tries to exploit it. 36729 (for HTTP request header), 36730 (for DHCP), 36731 (HTTP request parameters), 36732 (SMTP), 36736 (FTP), 36737(SIP) Threatvault links: https://threatvault.paloaltonetworks.com/Home/ThreatDetail/36729 https://threatvault.paloaltonetworks.com/Home/ThreatDetail/36730 https://threatvault.paloaltonetworks.com/Home/ThreatDetail/36731 https://threatvault.paloaltonetworks.com/Home/ThreatDetail/36732 https://threatvault.paloaltonetworks.com/Home/ThreatDetail/36736 https://threatvault.paloaltonetworks.com/Home/ThreatDetail/36737 Hope it helps ! ... View more

craigmueller You should look into Monitor > Custom Reports > Threat in "Summary Database" or Threat or URL in "Detailed Database" . Hope it helps ! ... View more

Shannon-Rowe I don't think you cannot have three units as a part of cluster. I will suggest running OSPF with the route SiteB as a lower metric, so in case SiteA goes down it fails over to SIteB Hope it helps ! ... View more

bdunbar Did you check the pre-logon feature available in globalprotect: GlobalProtect Administrator's Guide 6.0 (English) I think that might be feature you are looking into Hope it helps ! ... View more

markk96 I see you have mentioned earlier that you removed "skype-probe" so is it not mentioned in any of the security rules ? skype-probe should be allowed in one of the security rules for it to work as mentioned in the document. ... View more

Have you tried changing the service from "application-default" to "any" for those security rules ? ... View more

Thanks for the update, do let us know how it goes ... View more

Please also go through this document: Skype is not Blocked for Computers Entering Network with Skype Already Signed In ... View more

Hi olek These documents might be helpful: Troubleshooting GlobalProtect, PAN-OS 4.1 GlobalProtect Administrator's Guide 6.0 (English) ... View more

Hi markk96 As per this article: How to Block SKYPE you should not block skype-probe: "Skype-probe needs to be allowed. Skype-probe runs over port 80 and is used to setup initial connections. When Skype-probe is blocked, the application will encrypt the communication and start using alternate open ports which is why it needs to be allowed." Have you already tried that ? ... View more

Hi ZEBIT Could you please attach the snapshot or mention how the NAT and security policies are configured for this server cluster located in DMZ zone ? ... View more

GavinPalmer Welcome to forums. I might be wrong but I think in screen OS you specified the NAT in the security policy itself which was from Untrust to Trust if your server is located in Trust. But in PaloAlto, you will be creating two policies one for NAT and the other for security policy and the tricky part being NAT policy will be from Untrust to Untrust with destination as public IP of your server. Also the security policy will be from Untrust to Trust with destination as public IP of your server. Let us know if you face any issues. ... View more

ma.miller Welcome to forums. You can use any common name for the certificate just the requirement is that the CA that issued the certificate must be in the Trusted Cert Store. There is need to install the certificate itself, just the CA which assigned that certificate. If the certificate was self signed then you need to import the certificate. Hope it helps ! ... View more

Could you also check the domain controller logs at the same time ? Also make sure the user has not been locked out due to multiple failure attempts. Hope it helps ! ... View more

Could you type following command on CLI: tail follow yes mp-log authd.log Now try to login through global protect and paste the output of above command here. ... View more