Date

By Source

By Technology

By Services

By Audience

Displaying 10411 to 10440 of 11407

2011: The Year of Me.

Yes, the year of me. The year of: I will use whatever app I want and you can’t stop me. Social networking, Google apps, streaming media, web mail, instant messaging, and file sharing of all types – are all running rampant on our networks – right beside SAP, Jive, salesforce.com, and GoToMeeting.
Rene Bonvanie,
  • 0
  • 0

What Does Device 'Profile Compiler: Block patterns dlp parsing error mean?'

There is an error in a custom pattern.  You need at least 7 characters for a pattern match (8 to be on the safe side), or before any regex expression. owner: panagent
panagent,
  • 0
  • 0

Is it possible to customize the thresholds used for brute force attack signatures?

Overview This functionality is available in the custom objects definition: This can be found/created inside Objects > Custom Objects > Vulnerability. Select the Combination instead of Standard signature. Define the signature, either a custom or predefinded signature. Apply a time attribute to the signature, which is the threshold count over a specified
panagent,
  • 0
  • 0

How to allow LinkedIn but block LinkedIn Mail application

The following Applipedia screenshot shows the subdivision of LinkedIn Mail from LinkedIn Base, which is the general Application. If you allow the LinkedIn Base Rule, then succeed it with a new rule of blocking the LinkedIn Mail application (followed by a Commit); this will allow LinkedIn but block the Mail
panagent,
  • 0
  • 1

What Happens to the Logs if Panorama is Unavailable?

If Panorama is unavailable, the Palo Alto Networks firewall will store-and-forward the logs. This means that the logs are stored on the firewall and then forwarded to Panorama once connection is reestablished.   owner: gserrano
panagent,
  • 0
  • 0

How to Check the DHCP logs?

DHCP logs appear under the System Logs when the IP address lease expires or when there is a duplicate IP allocation request. To view the logs from CLI, run the following command based on the PAN-OS version running on the device: PAN-OS 6.0 > less mp-log pan_dhcpd.log Prior to PAN-OS
panagent,
  • 0
  • 0

Unable to Delete Old Software via GUI or CLI

Issue Attempted to delete the old software version via the GUI or CLI, the following error is returned: Can't purge image 'panos-4.0.1 installed on active or backup sysroot Resolution The error indicates 4.0.1 is currently installed on the second partition, which can be verified from the CLI with the command:
panagent,
  • 0
  • 3

How Does Detection of Bittorrent Work on the Palo Alto Networks Firewall?

Details Due to the way the Palo Alto Networks firewall handles detection of p2p apps, the user may see a confusing startlog indicating that bittorrent is allowed, even though a deny rule is in place and the traffic is actually denied.  The following is an explanation of how the detection
panagent,
  • 0
  • 0

How to Configure Email Alerts

To configure email alerts Create a profile for your email server: Go to Device > Server Profiles > Email then click Add.Name your profile, determine the appropriate VSYS if applicable, fill in the Servers tab and Custom Log Format tab if desired.  Click ? for help with information on the
panagent,
  • 0
  • 2

What Do the CPU Usage Values Mean?

Overview Run the following CLI command: > show system resources Returns: Cpu(s): 28.9%us, 16.0%sy, 4.9%ni, 48.9%id, 0.8%wa, 0.0%hi, 0.5%si, 0.0%st     us user Percentage of CPU time running user-initiated programs, such as  running queries and reports sy system Percentage of CPU time running system-initiated programs, kernel processes ni nice
panagent,
  • 0
  • 1

Is it Possible to Create a Single Policy to Allow Specific Applications and Specific TCP Ports?

Combining applications and services in a single rule can be done, but only if they are associated with each other.   Examples: App web browsing - service tcp80 will limit the traffic for that rule to port 80 and any traffic identified as something other than web browsing will be
panagent,
  • 0
  • 1

Is there a default Master Key?

When you set the Master Key for the first time, you can leave the "Current Master Key" field blank or enter a new key and give a time period for validity.  Any future changes to the Master Key will require you to enter the current Master Key.   owner: panagent
panagent,
  • 0
  • 0

Configuring RAID and disk backup on PA-5000 series

HDD storage options on PA-5000 series. owner: panagent
panagent,
  • 0
  • 0

How to Save an Entire Configuration for Import into Another Palo Alto Networks Device

Overview Importing an entire configuration into another Palo Alto Networks device may result of a device failure, replacement, or migration. The device configuration and security policy can be successfully exported and imported between devices as long as the following criteria are met: Identical hardware model (PA-500 to PA-500, PA-5020 to
panagent,
  • 0
  • 0

IPv6 Support on the Palo Alto Networks Firewall

This article is outdated, please refer to this article for up-to-date information: IPv6 Support by Feature     IPv6 Feature Support Current information for IPv6 support on the Palo Alto Networks firewall is available at the link below. For further information, a link to a white paper on IPv6 is
panagent,
  • 0
  • 1

What is the recommended ambient temperature for a data center in which a Palo Alto Networks firewall is located?

Overview The chart below provides the minimum and maximum range of environmental temperatures all Palo Alto Networks firewalls can tolerate.   Environment Fahrenheit Celsius Ideal operating temperature 32o to 80o F 0o  to 27o C Operating temperature 32o  to 122o F 0o  to 50o C Non-operating temperature -4o  to 158o
panagent,
  • 0
  • 0

What is the Maximum Number of Characters for an IPSec Pre-Shared Key?

PAN-OS 7.0 and below: The limit for a pre-shared key is 64 characters.   owner: panagent
panagent,
  • 0
  • 0

How does the GlobalProtect Client get a New Configuration?

Issue How and when does the GlobalProtect client get a new configuration?   Resolution The GlobalProtect client configuration is refreshed when: The GlobalProtect client is launched when logging into the system. The network is rediscovered from the GlobalProtect icon in the task tray.   Launch GlobalProtect client UI (when logging
panagent,
  • 0
  • 1

How to Reset the Administrator Password

Recovering the administrator password is not possible--the password must be reset as follows: Boot into maintenance mode and load a previously saved named config. To boot into maintenance mode, connect to the console via the console port and a terminal software. Reboot the firewall and keep pressing 'm' (or 'maint'
panagent,
  • 0
  • 1

Does application override adversely affect Threat ID?

When you create a custom app but don't use it in app override, it will participate in the appid process, so packets will be inspected up to Layer 7 and a corresponding application will be assigned to it.   Example: If you build a custom app that triggers on a
panagent,
  • 0
  • 1

Dynamic URLs are not resolving

Issue Dynamic url's keep coming up as not-resolved. Service.brightcloud.com is reachable and updates are being downloaded normally. Resolution Captive Portal was blocking dynamic url: captive portal policy triggered on http, not https (dynamic updates are downloaded over https).  Also, captive portal was capturing DNS resolution queries from management, added no-captive-portal
panagent,
  • 0
  • 0

Proxy ID Mismatch

Issue Proxy ID's are configured for a netmask of /32, while the remote end is negotiating a mask of /16 Resolution Proxy ID's need to be identical on both VPN peers for negotiation to be succesful. owner: tpiens
panagent,
  • 0
  • 0

How to Set OSPF Password

Overview This document describes how to set an auth profile (simple or md5). Details From the Web UI: Go to Network > Virtual Routers > OSPF and click Add under Auth Profiles to set the auth profile. Commit the configuration From the CLI: Goto configure mode: # configure Run the
panagent,
  • 0
  • 0

Native VLAN Configuration

Details Setting a VLAN as a native VLAN on Cisco turns off tagging. The Palo Alto Network device has no concept of "Native VLAN". The logical interface assigned to the physical interface would be the interface to accept untagged vlans. If the following interfaces are created: Eth1/1 ---- Untagged Traffic
panagent,
  • 0
  • 1

Cannot import certificate for SSL Decrypt

For SSL Decrypt a Subordinate CA Certificate in PEM format is needed. MS defaults to PFX, convert the file to PEM. Instructions are provided here: How to Create Subordinate CA Certificates with Microsoft Certificate Server owner: skrall
panagent,
  • 0
  • 1

How to Migrate Panorama to a Different VM Server

Overview Panorama has 3 possible options at install: Create a very large disk partion and install Panorama and DB (Seldom used) Create 35G partition for Panorama and then an external Disk, up to 2TB for log storage. 35G Panorama image and log to NFS mount. If option 2 is performed,
panagent,
  • 0
  • 0

General Port/Interface Information

Default configuration for a PA500 (as an example)  is as follows: Eth1/1 = Vwire, Zone = untrust Eth1/2 = Vwire, Zone = trust Eth1/3 = Unconfigured Eth1/4 = Unconfigured Eth1/5 = Unconfigured Eth1/6 = Unconfigured Eth1/7 = Unconfigured Eth1/8 = Unconfigured Once you configure a port as a L2 or
panagent,
  • 0
  • 5

OSPF not Advertising Connected Routes

To advertise the connected routes: Create a Distribution Profile under Network tab > Virtual Routers> New > Redistribution Profile Select" Connected" and "Static" routes. Add the applicable subnets/mask as filters for advertising. Choose the applicable interfaces. In the OSPF tab, add the profile and the default route "0.0.0.0/0" to be
panagent,
  • 0
  • 0

How to Run a Packet Capture

Overview This document describes the basic steps and commands to configure packet captures, to start and stop the captures, and to manipulate the collected capture files. It is intended to provide an overview of the process using the most commonly used options. In order to get a better understanding of
panagent,
  • 0
  • 5

OSPF not announcing a Default Route

Details There is an OSPF virtual router configuration with two interfaces. One interface (int1) is part of the default area (0.0.0.0) whereas the other one (int2) is not. There is a static default which points to the next hop on the non-OSPF interface network. Want to announce or generate a
panagent,
  • 0
  • 1
Displaying 10411 to 10440 of 11407