About mariusz_sawczuk

Mike, you'are definitely right, maybe this is workaround but I agree it works, always Anyway I would like to tackle the problem without external dns hosting services.. ... View more

Ad1. I was thinking about your recomendation how to configure DoS protection regarding described attacks, not sending documents from Knowledge base. Is it possible anyway to prtoect from DoS application layer attacks with Palo Atlo? Ad2. I know about ACC tab, but I was thinking about Manageed Custom Reports, and your advice how to configure such report grouped by seession. ... View more

I've upgraded my PAN device even to PAN-OS 6.0, and still ssh decryption doesn't work properly. I've tried with and without decryption profiles enabled. ... View more

I;m not sure right now, what was previous version but was working correctly. ... View more

In report of 'show session all' I see that PAN recognize skype (even skype IM) as a 'skype' application and there is also skype-probe of course. But I didn;t told you about important thing, and I'm wondering now that is so matter in my case? All my tests I'm doing on my laptop where I have Windows 7 installed, and it hosts virtual enviroment (VMWare Workstation) in whch I have virtual PAN and virtual Windows XP machine installed. All traffic from virtual Windows XP is going through virtual PAN (secured, NATed and routed by virtual PAN), after that NATed to my physical interface (by VMware network mechanism) and after that routed to Internet..From the virtual Windows XP perspective, my Windows 7 host OS (and let say Internet) is in untrust zone. I'm wondering now that could cause some impact for skype? I observe that when I completelty block every traffic/applicaiton on virtual PAN, and when I launch Skype on virtual Windows XP it doesn't work. But when I'm launch Skype on my Windows 7 host OS  and restart Skype on virtual Windows XP it's start wokring and I can do call from Windows XP to Windows7. Well, as I mentioned both machines are zone based secured, but to be honest they have 'shared' network interfaces. Virtual Palo Alto has 3 interfaces: - untrust which is VMnet8 (NATed by VMWare interface) - trust which is VMnet1 (host-only, isolated interface) - trust2 which is VMnet2 (host-only, isolated interrface) Virutal Windows XP has only one interface which is in trust zone and it is VMNet1 interface. Host OS - Windows 7 of course sees alle above interfaces: VMnet8, VMnet1 and VMnet2, becuase it runs VMWare Workstaiton, which creates all this interfeaces. So maybe skype could use it in some magic way nad this cause me problem? If yes how to fix it and block skype? ... View more

Hi, Voice calls are blocked, but chat is still possible. Wold be much more efficient just to completly block user login to skype. Is it possible in general, and if not how to disable chating in skype? ... View more

All is working now For the records - the interface will not appear (even in 'show interfaces all' report command) unless it will be not configured. Thanks for your support ... View more

I did this. I even shut down whole VMware Workstation, but after restart interface doesn't appears on PAN VM. Maybe there is limitation regarding virtual network adapters/interface on VMWare Workstation 9.0 or in PAN VM? ... View more

Thanks for your advice. As you notice, by default I had two interfaces: management and e1/1. For Layer3 deployment I added 3rd network adapter (in preferences of Palo Alto VM), and manualy set to vmxnet3. Palo Alto VM recognize this adater as an e1/2 interface. I need also another one interface, but when I add network adapter and set as an vmxnet3, Palo Alto VM doesn't recognize this interface at all. This adapter does'nt even appeared on the list of interfaces. What's the problem, what I'm doing wrong? ... View more

You're right. I've installed VMWorkstation 9 on my laptop and then VM-300. Now I have access to console of VM-300 and I can do some changes. Hovewer I have networks porblems and I can't upgrade VM-300 and update it. On my lapotp I have only one physical ethernet card. My physical laptop ip adrress is: 192.168.0.25/24, default gateway is 192.168.0.1. VM-300 on Vmware has two interfaces: Network Adapter, Network Adapter2 On VMware settings for VM-300 I've set - Network Adapter as Bridged (Automatic) - Network Adapter2 as NAT After login to VM-300 through console I've set up IP address, netmask, default-gateway and dns server fir management interface: set deviceconfig system ip-address 192.168.0.26 netmask 255.255.255.0 default-gateway 192.168.0.1 dns-setting servers primary 192.168.0.92 of course I do commit,,, But still when I try to ping my physical laptop address (ping host 192.168.0.25) from VM-300, I get: host unreachable and I don't have access to web-gui VM-300 ( https://192,168.0.26 ) from my laptop. What I'm doing wrong? ... View more