Date

By Source

By Technology

By Services

By Audience

Displaying 10171 to 10200 of 11264

Unable to Change Panorama Objects to "Shared"

Issue After creating objects, it has become necessary to change these objects to "Shared" under Panorama however this check box is grayed out. Resolution This is currently by design. If the "shared" box is not checked while creating the object it will grey out.  Create a new object and check
nrice,
  • 0
  • 1

Unable to Send Email from the Email Server

Issue Emails are not being sent from the email server for notifications (inside Monitor > PDF Reports > Email Scheduler).   Cause If the same email address is defined in the 'Override Email Addresses' list, this will prevent emails being sent to the defined email profile.    Resolution Enter an optional
panagent,
  • 0
  • 0

HA Configuration Out-of-Sync Due to Certificate

Issue The passive unit in an HA pair cannot sync to the active device because it does not have a certificate. When trying to sync the certificate to the passive unit it fails. When trying to add the certificate to the passive unit and perform the sync-to- peer from the
panagent,
  • 0
  • 0

Advanced NAT Example

A client (192.168.69.10) in the VPN Zone needs to access a server on the DMZ with a public IP address (204.68.184.237) not configured on the device. The device should translate the public IP to the private IP of the server (172.25.3.50).  The packet should be seen as sourced from an
panagent,
  • 0
  • 7

URL Variable in Block Page Adds an Underscore Character

Issue An underscore character is added to the URL variable in a block page.   Resolution This is a expected behavior. The Palo Alto Networks firewall will change sensitive characters in a URL to an underscore, to prevent injection attacks from using the PANW response pages (URL block page is
panagent,
  • 0
  • 0

URL Admin Override Not Working with New SSL Certificate

Issue The URL Admin Override does not work with a new SSL certificate. Resolution Make sure that the gateway can resolve the Address field/name that is used inside of the "Edit URL Admin Override Properties" window.  If the gateway cannot resolve the address or name, the override will not work.
nrice,
  • 0
  • 0

Command to Check Summarized Statistics of all Interfaces

Overview Here is the CLI command to check the interface statistics in a summarized manner:   > debug dataplane internal vif link 1: lo: mtu 16436 qdisc noqueue     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     RX: bytes  packets  errors  dropped overrun mcast     353223081  1580712  0       0       0       0    
panagent,
  • 0
  • 1

GlobalProtect Client Installing in Wrong Directory

Issue The Global Protect client installation is not taking the destination directory specified in the MSI installer. Instead of being installed in the default directory, C:\Program Files\PaloAltoNetworks\GlobalProtect it is putting all the files directly under C:\   Resolution The Windows default path is correct (C:\Program Files\) and the Eventvwr is
panagent,
  • 0
  • 0

VOIP Traffic is Being Dropped

Issue Topology:  Call Manager------PAN------VoIP Following an upgrade, the Call Manager is trying to send RST packets to the VoIP phones to re-initiate the connections. The firewall is not aware of the existing sessions and is dropping all the RST Packets. Resolution The RST packets are being dropped on the Palo
panagent,
  • 0
  • 3

Disabling and Re-Enabling HA

Issue Maintenance work performed on the passive device in a HA pair to avoid traffic interruption has had the opposite affect, causing a failover of the active device to the passive . HA was disabled on the passive unit to replace a power supply, but the failover occurred as soon
panagent,
  • 0
  • 1

A Warm Welcome to the Newest Members of the Technology Partner Program

There’s a lot of technology involved in a modern enterprise network. Some of it is a part of the network itself, some of it is to keep it reliable and secure, and some of it is to keep it running like clockwork. In the best case scenario, these parts snap together like Lego. On the other hand, there are times when it seems like no amount of sweat and glue can get the parts working together. It shouldn’t be that difficult, and for the most part, it isn’t.
Brian Tokuyoshi,
  • 0
  • 5

Palo Alto Networks Expands Technology Partner Program with New Data Center Infrastructure and Mobility Partners

Palo Alto Networks Expands Technology Partner Program with New Data Center Infrastructure and Mobility Partners
Santa Clara, CA
  • 0
  • 345

How to Preserve the TCP URG Flag and Pointer

Details The implementation of the URG flag and pointer is not well-defined in the available RFCs, some operating systems are susceptible to attacks leveraging these fields in the TCP header. Palo Alto Networks firewall will, by default clear the URG flag and pointer.  Shown below are several documents that identify
panagent,
  • 0
  • 0

A QA on Zero Trust

I mentioned in my last blog that we’re kicking off a Data Center Summit starting in Dallas, Texas today. One of the special guests at our seminar will be John Kindervag from Forrester Research, presenting on the Zero Trust Model. If you haven’t yet heard of Zero Trust, check out the video here. With the current state of security attacks on organizations, this new security model, called “Zero Trust” recommends that enterprise take a new architectural approach to securing their networks. Kindervag’s model recommends trusting no one (not even internal …
  • 0
  • 0

Deploying GlobalProtect with an Internal IP Behind an Edge Internet Device

Issue GlobalProtect must be set up on a firewall with an internal IP address sitting behind an edge Internet device:   Resolution Topology: Internal Network > PAN ( 192.168.10.2/24) > (192.168.10.1/24) Internet Router (2.2.2.2/24)---(2.2.2.1/24) ISP   Setup instructions: In the above setup, the Edge Internet Router (2.2.2.2) is performing NAT
panagent,
  • 0
  • 5

Proactive HA Configuration on a Stand-alone PAN Device

This article explains the benefits and configuration requirements to proatively configure HA on a stand-alone device. Owner:  bvandivier
panagent,
  • 0
  • 1

Do not Include Subnet Mask in Service Route Destination Configuration

Issue:   The service route configuration does not funciton if the subnet is used in the destination IP address   Resolution:   Currently by design, a host IP address must be used, rather than a subnet address when configuring the service route destination.       Owner: yogihara
panagent,
  • 0
  • 0

Sesssion Times out When Using TFTP to Export Running Config

Issue:   The session is timing out when using TFTP to export the running configuration from the firewall.   Resolution:   When sourced from an interface address, TFTP is working as expected as it is a protocol in which the response packets do not have matching ports with the request
panagent,
  • 0
  • 2

HA_v4.0.x.pptx

v4.0.xベースで、HA (Active/Passive)の切替り時の動作を纏めました。 HA (Active/Passive) failover behavior with v4.0.x (Japanese only). owner: tnakagawa
tnakagawa,
  • 0
  • 0

IPSec Interoperability Between Palo Alto Firewalls and Cisco ASA

This document demonstrates IPSec interoperability between Palo Alto Network firewalls and Cisco ASA firewall series. We will also detail IPSec configuration, statistics, and CLI outputs from both PAN-OS and Cisco ASA. owner: ksomu
panagent,
  • 0
  • 0

Waledac Returns…and It’s Serving More Than Spam

WildFire has recently detected a new variant of the Waledac botnet, along with a few new modifications. As a reminder, Waledac was a fairly large spamming botnet that was taken down in 2010 when Microsoft was able to take ownership of the many domains used by the botnet. On February 2nd, WildFire began seeing a new variant of Waledac showing up in customer networks and this time its doing more than just sending spam. The new version has upgraded its malicious abilities to include stealing of passwords and authentication data. …
  • 0
  • 0

High Number of HA_ERR_STATE Entries in the Logs

Issue After configuring backup interfaces on a HA cluster, there is no traffic passing through the firewall and the HA_ERR_STATE value is extremely high. Resolution Investigation shows that the HA2 and HA2-backup links are placed in the same VLAN which is causing HA2-HA2 packets to bleed onto the HA2-backup interface
nrice,
  • 0
  • 0

Palo Alto Networks Appoints Steffan Tomlinson as Chief Financial Officer

Palo Alto Networks™, the network security company, today announced that it has appointed Steffan Tomlinson as its new chief financial officer (CFO), effective immediately.
Santa Clara, CA
  • 0
  • 996

How to Configure GlobalProtect Portal with Client Cert Authentication and Certificate Profile

PAN-OS  5.0, 5.1, 6.0, 6.1, 7.0 Overview This document describes the steps to configure GlobalProtect with a client certificate profile when using a client certificate for authentication with or without other authentication methods. The example applied in this document is done with self-signed certificates, but it can also be done
panagent,
  • 0
  • 2

How to Manually Downgrade BrightCloud URL Filtering Database

Overview There can be times that an admin will have to manually downgrade BrightCloud URL Filtering Database, this document explains how. In this example, we will be downgrading to BrightCloud DB version 3.781 (seed file) from January 23rd 2012. Steps Locate the seed file on the Dynamic Updates page and
panagent,
  • 0
  • 1

DNSChanger Rogue DNS Servers Taken Down

Great info from the Palo Alto Networks Product Management Team on the latest events surrounding DNSChanger. DNSChanger is a malware family that has been around for several years now, and at its height controlled the web browsing of some 4 million PCs.  DNSChanger typically masqueraded as a video codec download, and once downloaded would surreptitiously change the DNS servers of the infected host to rogue DNS servers which direct users to pay-per-click advertising networks to earn money for the perpetrators.
  • 0
  • 6

Three Ways Social Media Can Put Enterprises at Risk

In a recent post for ReadWriteWeb (3 Ways Social Media Can Put Enterprises at Risk), I outlined a few IT security “blind spots” that many companies are currently trying to address when dealing with social media applications. As last week’s blog post on our Application Usage and Risk Report findings pointed out, I am convinced that social media is here to stay in the enterprise. To expand upon the points I made in that article, I’d like to add a few additional details to expound on my opinions around approaching …
Rene Bonvanie,
  • 0
  • 1

How Secure Is Your Data Center?

  • 0
  • 1360

Designing Networks with Palo Alto Networks Firewalls

This document shows how to deploy Palo Alto Networks devices into your network. Various scenarios and configurations are described. All scenarios were tested in the field running PANOS 5.0.x code. To download the diagrams and tested configurations, refer to Diagrams and Tested Configurations.
panagent,
  • 0
  • 3

Diagrams and Tested Configurations

This zip file contains the following: A Powerpoint file of diagrams XML files for tested configurations. from the Designing Networks with Palo Alto Networks Firewalls document. owner: tlozano
panagent,
  • 0
  • 7
Displaying 10171 to 10200 of 11264