This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About marcowang
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About marcowang
03-16-2023
3Posts
0Likes
0Solutions
Mar 16, 2023Last Visited
User
Activity
User
Profile
Latest posts by marcowang
| Subject | Views | Posted |
|---|---|---|
| 2529 | 11-26-2012 02:22 AM | |
| 1093 | 09-25-2012 09:15 PM | |
| 1563 | 06-08-2012 11:06 AM |
User Badges
Community Statistics
| Member Since | 02-16-2011 06:11 PM |
| Date Last Visited | 03-16-2023 06:51 AM |
| Posts | 3 |
11-26-2012
02:22 AM
Problem description : Flood log triggered by DoS Protection could not be sent to syslog server. paloalto deploy: v-wire mode PANOS : v4.1.8 Settings in paloalto : 1. Device -> Server Profiles -> Syslog -> Add a syslog server with port 514 and LOG_USER facility. 2. Objects -> Log Forwarding -> Add a syslog forwarding profile, all severity(Informational, Low, Medium, High and Critical) under threat settings are set syslog profile. 3. Objects -> DoS Protection -> Add a flood , type 'classified', enable SYN Flood, UDP Flood, ICMP Flood, and Other IP Flood, those alarm rate and active rate is 10 packets/sec. 4. From trust to untrust zone and untrust to trust zone security policy, apply default antivirus profile and log forward to syslog server. 5. Add a DoS Protection policy, from trust to untrust zone, set protect action, and Classified enabled, choose flood profile set in step3, Address choose 'source-ip-only'. 6 commit all settings. Testing : 1. A client in trust zone, access eicar virus test file, the eicar test file deny log could be viewed in paloalto Monitor -> Logs -> Threat and in syslog server. 2. A client in trust zone, use 'hping' tool to generate tcp flood, the tcp flood log could be viewed in paloalto Monitor -> Logs -> Threat, but syslog is nothing. Could flood log triggered by DoS Protection not be sent to syslog server? The attachment is pa-500 configuration and monitor screenshot. Thanks.
... View more
Labels:
- Labels:
-
Troubleshooting
09-25-2012
09:15 PM
Hello, ms-rdp modified in application version 331. Could paloalto offer more detail modification about ms-rdp in version 331? Thanks.
... View more
Labels:
- Labels:
-
App-ID
06-08-2012
11:06 AM
PANOS : v4.1.6 Model : PA-500 In the isolated LAB, only management port connected on PA-500 and service route operate well via the management port. I make sure the commit is grey after basic configuration (IP/netmask/gateway/DNS/NTP) set, license retrieved and application/threat prevention updated, and dynamic update scheduled, but the commit is not grey after power on for one day. I make sure there is no admin user login and no any config change in this period. And from PA WebUI Device-> Config Audit, compare running and candidate configuration, PA told me these two configuration is identical. Somebody else experienced this issue?
... View more
- Tags:
- configuration
Labels:
- Labels:
-
Configuration
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-16-2023
06:51 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks