Date

By Source

By Technology

By Services

By Audience

Displaying 10141 to 10170 of 11264

Shared Objects in Panorama

Issue Which takes precedence in Panorama, shared or non-shared objects? Resolution Shared and non-shared objects (device group specific) can be created n Panorama.  The device will take the most specific object from Panorama.  If there are shared and non-shared objects with the same name, only the non-shared (device specific) objects
panagent,
  • 0
  • 1

Log Suppression for Ping

Issue When sending pings from client to server some of the sessions aren't logging.   Resolution There is a log suppression feature for ICMP  traffic logs.  The default setting  for log-suppression is "yes". To change this behavior, use the following CLI command: > configure # set deviceconfig setting logging log-suppression
panagent,
  • 0
  • 0

Firewall offloading traffic -- how to disable

Inside of this article you will learn how to verify if traffic is being offloaded and how to disable this feature.   When session traffic is processed by the dataplane of the Palo Alto Networks firewall, session stats and timers will be updated for every packet.   Most of our high-end
panagent,
  • 0
  • 1

How to Verify/Test URL Category in GUI

Details There is an option to allow users to verify/test the URL categorization used from the GUI under Objects > Security Profiles > URL Filtering Profile. This is handy to check while troubleshooting an issue or while configuring new URL's to determine what category needs to be allowed or blocked.
panagent,
  • 0
  • 2

How to Configure SNMPv2 on the Palo Alto Networks Firewall

Overview This document explains how to configure SNMPv2 on the Palo Alto Networks firewall. Steps Begin by configuring the SNMP trap server profile. Go to Device > Server Profiles Click the SNMP Trap link Click the Add button to add a server and choose the version The following fields need
panagent,
  • 0
  • 1

How to Configure Certificate-based Authentication for the WebGUI

Overview:   This article provides the steps to configure certificate-based authentication to the Palo Alto Networks web interface. Note: After enabling this authentication, all username/password logins are disabled for all administrators.  Administrators must  be issued certificates in order to log in.     Links to Latest Procedures:  For the latest procedures,
panagent,
  • 0
  • 4

Enterprises Share More Real-World Examples of Safe Enablement

Last week’s annual RSA Security Conference in San Francisco was an exciting week. There was tremendous buzz and a sense of optimism that permeated the show floor. For us, that sense of optimism was perhaps best expressed through some very poignant examples shared by customers of how their enterprises are successfully implementing strategies to safely and securely enable applications throughout their networks. We heard these stories at our booth, in the hallways and at various networking events throughout the week. We also heard these stories via a customer panel, which …
Rene Bonvanie,
  • 0
  • 0

How to Check the Connectivity to Wildfire and Status of Upload Files

Overview This document describes the CLI commands to verify connectivity to the Wildfire cloud and the status of files being uploaded to it. Details Once the basic configuration is complete, the following command provides the details of the best server selected: > test wildfire registration This test may take a
mvenkatesan,
  • 0
  • 0

Facebook Blocked without SSL Decryption Enabled

Issue Rules have been added to block the Facebook application. and there is no SSL decryption policy, yet Facebook is able to be blocked. Traffic logs also shows the application as 'facebook-base' rather than SSL.   Cause Some websites, such as facebook.com, have been using SSL to deliver content, so
panagent,
  • 0
  • 1

Dynamic Updates for Applications and Threats will not Install

Issue: Dynamic updates for Applications and Threats will not install. Symptoms: Previous versions show as "Unknown" Download appears to have completed Install appears to complete with no errors Manual download and install of Threats and Apps will return an error "Invalid image" Resolution: Perform the following steps: Restart the Management
panagent,
  • 0
  • 1

Customer Blog Post
The Story Behind "The Most Interesting Firewall in the World"

My name’s Kevin Butler and I’m the firewall admin at the University of Arkansas Medical Sciences campus in Little Rock, AK. I’m that guy that either allows or denies traffic over our network. I handle all of our VPN solutions and make certain to the best of our ability that we remain HIPAA compliant since we are a medical institution as well as a teaching one. I’m also a Palo Alto Networks customer. Last week I had the opportunity to attend the RSA Conference. For anyone else that attended and …
  • 0
  • 0

Panorama Logs Missing in CLI but Display in Web UI

Issue Logs are missing in Panorama but are visible when displayed on the Web UI.   Resolution When Panorama writes logs to the NFS mount, it writes with “root” access. When a user, who does not have full admin rights, logs into Panorama, the show commands and the reading of
panagent,
  • 0
  • 0

Does Palo Alto Networks Firewalls Support Atomic Signatures?

Issue Atomic signatures trigger on a single event and do not require an intrusion system to maintain state. The entire inspection can be accomplished in an atomic operation that does not require any knowledge of past or future activities. These signatures consume minimal resources (such as memory) on the IPS/IDS
panagent,
  • 0
  • 0

GlobalProtect Commit Error: "client certificate profile must be defined"

Issue After an upgrade the firewall no longer accepts local management log ins due to the username (admin) and password being incorrect. This was repeatedly verified and the credentials were correct. The job log shows that the auto commit failed. A normal commit on the Web UI also fails with
panagent,
  • 0
  • 0

GlobalProtect Error, "Secure Connection Failed"

Issue Self-signed certificates have been configured for use with GlobalProtect, but the user is now getting the error response, "Secure Connection Failed." when browsing the web.   Resolution When setting up GlobalProtect with self-signed certificates, always make sure the common names on the Root CA cert and the Server cert
nrice,
  • 0
  • 3

Configuring NAT for Multiple Virtual Routers Sharing a Subnet

Issue: In a topology with two Virtual Routers, VR1 and VR2,  sharing a subnet,  VR1 has a public interface on Ethernet 1/1 (100.1.1.10/24) and VR2 has a public interface on Ethernet 1/2 ( 100.1.1.20/24).  Both use the same ISP Gateway, 100.1.1.1/24. Users  need to access a server on a public
panagent,
  • 0
  • 0

GlobablProtect Client Remains in "Connecting" State

Issue: The Global Protect client icon just spins in the taskbar after a reboot and remains in a "connecting" state.  Why doesn't the GP client ever leave the connecting state and load the locally cached portal configuration residing on the client machine? Resolution:   The GP client icon stays in
panagent,
  • 0
  • 0

When is the Custom Report Scheduled Run Time?

Details What does the checkbox "scheduled" under a custom report mean and when does this schedule the report? By default, the scheduled reports run at 2 A.M. system time. owner: achitwadgi
nrice,
  • 0
  • 0

Can Policies be Exported from the Firewall?

Can policies be exported from the Palo Alto Networks firewall to make them easier to view? While there is no export function for policies, use the CLI to view the rules in "set" format. From the CLI, run the command: > set cli config-output-format set From the configure mode: #
panagent,
  • 0
  • 1

User Group is Incorrect and not Hitting Correct Security Policies

Issue In multi-domain environments, if a user belongs to more than one user group then the agent may show incorrect group mapping. Resolution The issue may be due to Server Session Read enabled on the User-Id Agent. This setting should be used only with single domain deployments. The UAdebug log
panagent,
  • 0
  • 1

How does Palo Alto Networks Identify BitTorrent?

Overview How does Palo Alto Networks Identify BitTorrent? Detail A BitTorrent payload begins with: "d1:ad2:id20:", which is a typical DHT Protocol pattern used solely by BitTorrent. The following URL references the DHT Protocol, which includes sample patterns, all beginning with: d1:ad2:id20 http://bittorrent.org/beps/bep_0005.html Reference the following section within the site in
panagent,
  • 0
  • 1

Unable to Log Into Firewall After Importing a Confiuration from Another Device

Issue: The login does not work after importing a running configuration from one firewall to another. Resolution: If importing a running config from another device, login with the local Admin credentials may not be possible. To overcome the problem, save a "named configuration version" and export that config file instead
panagent,
  • 0
  • 0

Applications Timeout on PAN with Riverbed Optimization

Issue: A Riverbed optimization device is situated behind the Palo Alto Networks firewall's interface in the Trust Zone. . Turning on optimization causes applications going out the firewall's WAN interface to time out quickly. Traffic is being categorized properly as “riverbed-rios”, but when viewing the session from the CLI, it
panagent,
  • 0
  • 1

The Power of Customers Telling Their Story

Onstage today at the RSA Conference four of our customers agreed to no longer being seen by their co-workers as ‘the stop police’ or ‘yes men.’ They are granting a lot more access than ever before and ironically achieving more control in exchange. These customers say they now have application- and user-based rules that help their respective companies to expressly reap the business benefits of web applications.
  • 0
  • 0

Continue Page in HA Active/Active VWire (Virtual Wire) Configuration

Issue: In a HA Active/Active VWire topology it is not possible to send a redirection for a URL block page when the session is going through the device that is not the session owner. Resolution: In an Active/Active VWire environment, where the session owner is set to "primary device" the
panagent,
  • 0
  • 1

Palo Alto Networks at RSA Conference 2012

It’s that time of the year again; RSA Conference 2012 began yesterday and we couldn’t be more excited. For those of us who make information security a part of our daily lives, this event offers a unique opportunity to interact with our peers, share knowledge and show our customers and potential clients how Palo Alto Networks stays ahead of the latest security issues.
  • 0
  • 0

How to Export a Candidate Configuration

Overview This document describes how to export a candidate configuration.   Steps   Save the candidate configuration under Device > Setup > Operations. The candidate configuration can be saved using the option Save named configuration snapshot. Enter the desired file name. Select Export named configuration snapshot:   Note: The Save
panagent,
  • 0
  • 0

Unable to Access Configuration Management Using Role-Based Admins

Issue A Palo Alto Networks firewall administrator account is configured with a custom Admin Role defined with full web UI access. However, this administrator account is unable to access the Configuration Management menu under the Device > Setup > Operations tab.   From PAN-OS 5.0 and above:  The Configuration Management
nrice,
  • 0
  • 0
Displaying 10141 to 10170 of 11264