This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About das
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About das
08-18-2015
18Posts
2Likes
1Solution
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by das
| Subject | Views | Posted |
|---|---|---|
| 1810 | 04-25-2013 03:05 PM | |
| 1912 | 04-25-2013 02:38 PM | |
| 7324 | 04-12-2013 08:06 AM | |
| 1702 | 04-11-2013 01:55 PM | |
| 1353 | 03-27-2013 09:24 AM | |
| 4033 | 03-21-2013 07:46 AM | |
| 8583 | 03-12-2013 06:42 AM | |
| 2185 | 03-06-2013 02:52 PM | |
| 2059 | 03-05-2013 11:48 AM | |
| 2255 | 03-04-2013 09:33 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 02-25-2013 08:39 AM | |
| 1 Like | 03-04-2013 09:33 AM |
User Badges
Community Statistics
| Member Since | 11-05-2012 11:53 AM |
| Date Last Visited | 08-18-2015 09:06 AM |
| Posts | 18 |
| Total Likes Received | 2 |
04-25-2013
02:38 PM
When looking at the threat logs the vulnerability for spyware shows my servers as the attacker in the outbound direction. I have an inbound/outbound anti spyware policy and it caught jboss trying to access my network. Why does it show my servers as the attacker in the logs when the connection was initiated from the outside?
... View more
04-12-2013
08:06 AM
Does anyone know what exactly the differences are between a commit and commit force? Does the commit force disregard error messages and commit an otherwise 'bad' config that could result in errors? Does it reorder the commit process? Does it cut off or restart a special process or server function to allow commit changes to take place? One thread mentioned "Indeed the "commit force" command will submit the whole configuration" from here another references the admin guide " > force — Forces the commit command in the event of a conflict" here but other references say it has solved problems almost here and here with no real explanation as to why you would want or not want to commit force. Does anyone have information on this? I ask because I had someone ask me the same thing and all I could really say was "it's like a commit on steroids, it just works".
... View more
Labels:
- Labels:
-
Troubleshooting
04-11-2013
01:55 PM
Is there a matrix or list of items that describes each of the plane functions? I know there is a management & data plane on the Palo but I'm not sure where to place the 'control' functions such as routing updates or switching path information and caching. For example, if you restart the mgmt plane, will this trigger HA failover? I am guessing (because I don't know) that the failover would take place. Because if the interface receives a heartbeat, the heartbeat 'ping' would be destined for the device itself and need to be processed by the route processor which resides in the mgmt plane, right? The fact that there is a separation of mgmt and data plane implies a table that is created from the control/mgmt plane to switch packets like a graceful restart when the managment plane is restarted. Is this the case? I'm aware of the single pass architecture but does the network processor on the data plane process packets destined for the device itself? If anyone could provide a listing of such things that would be greatly appreciated!
... View more
03-27-2013
09:24 AM
Use the OCSP Responder (Online Certificate Status Protocol Responder) page to define a server that will be used to verify the revocation status of certificates issues by the PAN-OS device. When generating new certificates, you can specify the OCSP Responder that will be used. To enable OCSP, go to Device > Setup > Sessions and under Sessions Features click Decryption Certificate Revocation Settings . Field Description Name Enter a name to identify the OCSP responder server (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores. Host Name Enter the host name of the OCSP responder server that will be used to check certificate revocation status for your devices.
... View more
03-21-2013
07:46 AM
Is there a list of known bad IP addresses? I would like to include a dynamic block list in my policy but I don't have a list of known bad IP addresses. Does Palo Alto have a canned list of IPs that I can reference to insert into my policy?
... View more
03-06-2013
02:52 PM
I recently purchased a firewall with a 1 year support contract. I received it three months ago and haven't had time to deal with it. When is the official start date of my support contract? Do I have a certain amount of time to register the box before it's invalid? I know if I register and activate the box the support contract starts immediately but is this also the case if I'm just too busy and can't get around to it until after a while? To stretch it even further, what if a year goes around and I haven't even touched the firewall?supo
... View more
03-05-2013
11:48 AM
Yeah I figured it was more of a 'starter' policy/plan than a maintenance solution.
... View more
03-04-2013
09:33 AM
1 Kudo
What is the benefit of Panorama templates? It seems like when creating a template and pushing it out to a device, it doesn't warn you when you are overwriting device configuration. For example, I have a layer 3 interface 1/10 and my template has interface 1/10 for tap. When pushing the template out, it overwrites the layer 3 interface without a warning.
... View more
- Tags:
- panorama_templates
03-01-2013
11:56 AM
1. Does anyone know the inspection depth in terms of layer? 2. But this would continue to download the file and not block it? 3. The everything was pertaining to the file itself. For example, if I had an exe in a zip and I selected to forward that to wildfire, would wildfire be able replicate everything the file was designed for? 4. So there isn't a foward-and-maybe I'll click on it later once wildfire has analyzed it? The PA can act as a proxy much like the SSL decryption and say "Hey, I see you don't know what this file is and you don't want to download and THEN send it, so I'll download it for you, forward it for you and then let you know if it's good or bad" That way, the host machine won't find out later after being infected. 5. Probably a feature request for non-admins of the PA device.
... View more
03-01-2013
09:44 AM
If you have an 8 port LAG the sessions still go out 1 and 2 for odd and even? Or do they go in a round-robin fashion where the first odd session goes out port 1 and the next out port 3 and so on? After the session has established it's physical port it is then load-balanced by the last three bits based off IP modulo source IP?
... View more
03-01-2013
09:14 AM
Is there more information on this? Suppose I have 4 ethernet interfaces in an aggregate group, when a frame hits the aggregate group software, how does the Palo choose which of the 4 interfaces the frame goes out of and what algorithm does it use. If it's static, does that mean it goes out all interfaces as a pseudo broadcast?
... View more
03-01-2013
08:36 AM
The first question I have is how many layers will the file blocking inspect? For example, a zip in a zip has an exe that is malicious. If the PA doesn't inspect that far down wouldn't I be able to get through the firewall inspection? If the above is true and I am the security network guy that wants to block this behavior, could I set up wildfire to forward-and-continue to block this? In other words, I am aware that the limit is 4 layers deep (if that is actually the depth) and I want to make sure this is not a limitation I would want to set up wildfire to forward .zip files that could potentially have malicious data the normal file blocking mechanism can't see. Also, is wildfire able to tear down a file in such a way that EVERYTHING is seen in the file and run the way the attacker wants it to? Could a file potentially be flagged benign when it's actually malware in wildfire? If forward-and-continue is on and I deny the file can I get an email notification saying whether or not it was benign or malicious so that i don't have to log into the firewall and check every so often? I'm thinking of an entry box with something to the affect of "Enter you email for results" and then it emails the results.
... View more
- Tags:
- wildfire
02-25-2013
08:59 AM
As seen in the guide: Security policy PAN-OS provides two methods to enforce security on multicast feeds. Multicast groups can be filtered in the IGMP and PIM group permission settings specified on an interface level. Multicast traffic must also be explicitly allowed by security policy. A special destination zone known as “Multicast” has been added and must be specified to control multicast traffic in security, QoS, and DoS protection rules. In contrast to unicast security policy, multicast security policies must be explicitly created when the source and destination interfaces are in the same zone. Security profiles are supported in multicast environments that require threat prevention capabilities. Also: Group Permissions Specify general rules for multicast traffic: • Any Source —Click Add to specify a list of multicast groups for which PIM-SM traffic is permitted. • Source-Specific —Click Add to specify a list of multicast group and multicast source pairs for which PIM-SSM traffic is permitted.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:06 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks