Other than obliterating productivity, Facebook represents a substantial security risk in the corporate world. However, it's also becoming a powerful marketing tool. So, how do you leverage Facebook without opening the company up to all kinds of malware?
Details The following commands will allow the user to close out sessions once a certain limit is reached: # set deviceconfig setting session accelerated-aging-threshold <50-99> set accelerated aging threshold in percentage of session utilization #set deviceconfig setting session accelerated-aging-scaling-factor <2-16> set accelerated session aging scaling factor (power of
Overview This document describes the steps to create a Custom URL Category list, use the list in a URL Filtering profile, and then applying the profile in a security policy. Steps For PAN-OS 4.1 and 5.0, go to Objects > Custom URL Category and click Add For PAN-OS 6.0 and
Issue When trying to get URL or dynamic updates, the following error appears: Failed to get response from device server. Please try again later. Cause The device server on the Palo Alto Networks firewall may need to be restarted. Resolution Run the following CLI command: > debug software restart device-server
Overview From the WebGUI, under Device> Dynamic updates, there is an option to click "Revert" besides the previously installed Antivirus, Applications and threat and the URL database version. However, if newer versions of the content files are available, the previously installed version may not appear on the Web-UI. In this
Steps Log into the Customer Support Portal (https://support.paloaltonetworks.com). Verify the Current Account is the account that owns the asset. If not, click the Change Account link and select the correct account. Click Assets. In the Devices table, find the device, then click on the download icon next to the license.
Symptoms A PAN device in location A has an IPSEC tunnel terminating at a firewall in location B. There is a phone switch located behind the Juniper device. Phone users are unable to use standard 4-digit dialing to any extension within the system, though they are able to complete calls
Use the request support info and request support check commands to verify the status of a support license. The output of each command should match. For example: > request support info Support Home https://support.paloaltonetworks.com Manage Cases https://support.paloaltonetworks.com/index.php?option=com_pan&task=viewcases&Itemid=100 Download User Identification Agent https://support.paloaltonetworks.com/index.php?option=com_pan&task=sw_updates&Itemid=135 866-898-9087 firstname.lastname@example.org January 15, 2012 Premium 24 x
Overview This document describes the CLI commands that can be used to verify a successful connection to the BrightCloud server. Details Command to test BrightCloud connectivity >debug device-server test url-update-server This command will return either “success” or “failure to connect to url update server”. Command to manually load the BrightCloud
Overview Shared gateways allow the user to create a common virtual interface, or shared gateway, for the virtual systems that correspond to a single physical interface. Details To view the maximum number of shared gateways use the CLI command: >show system state | match cfg.general.max-shared-gateway The charts below provide a
Enclosed are the perl scripts and document explaining how to create Network, Network Ranges, Hosts, Services, and Group Objects and load them into the Palo Alto Networks device. The purpose is to create the objects from a list of entries. The format of the entries are given below: networkname
Steps Create a management profile (Named MAN for this example, allowing SSH, HTTPS and Pings) > Configure # set network profiles interface-management-profile man ssh yes # set network profiles interface-management-profile man https yes # set network profiles interface-management-profile man ping yes Add interface management profile ”MAN” to an interface (L3
In the event of a failover in an HA pair, and a device transitions from a non-active state to active state, the following happens: A request is made to enable all physical links Two gratuitous ARPs (GARPs) are immediately sent. Eight GARPs are scheduled to be sent in 1
Overview This document describes the CLI commands that can be used to verify a successful connection to the LDAP server for pulling groups. Details During LDAP server configuration, the device automatically pulls the Base DN if the connection is successful. The Base and Bind DN are configured under Device
Overview Depending on the network design, it may be necessary to change the default heartbeat timer. Details A "heartbeat-interval" CLI command was added to the election settings for HA, this interval has a 1000ms minimum for all Palo Alto Networks platforms and is an ICMP ping to the other device
Overview A key feature of the Palo Alto Networks firewall is mapping usernames to IP addresses. Once the Palo Alto Networks firewall knows the names associated with IP addresses, the firewall can: Log this information Control traffic based upon a particular username or group The firewall uses two methods to
The Spyware Infected Host Report shows the top PCs hit by spyware during the indicated period. This is a high level report identifying the victims irrespective of the source or even specific spyware type. The IPs listed are the destinations (i.e. they are on the receiving end of the spyware).
Frequently Asked Questions Can the OSS be configured for remote management? Yes, a management IP can be configured on the OSS for remote management. Can the software be kept up-to-date even though it has no licensing? App-only content can be updated from Panorama but PAN-OS needs to be
The attached spreadsheet details key hardware specifications for all Palo Alto Networks devices . Note: Input voltage, frequency, power factor and input current are based on power supply ratings. Input voltage Input frequency Power factor Maximum input current Average/max power consumption Noise level in dBA MTBF CPU DRAM Flash ASIC
The life of leisure has been postponed. Instead, Michael Lehman has gone back to the future in a sense, taking on the CFO role at Palo Alto Networks, a pre-IPO company in the enterprise network-security industry.
SNMP traps for logical interfaces According to RFC 1213 the MIB will include only standard interface table. The traps are only for the system and interface groups that are incorporated in the MIB are supported. PAN-OS 7.0 supports logical interfaces. When running versions of PAN-OS up to 6.1.x ,
The following applications currently cannot be decrypted by the Palo Alto Networks device. If SSL decryption is enabled for any of the following applications, the SSL decrypt engine will fail to decrypt these applications and therefore the session will be dropped by the device. These applications are added to an
The following CLI command will allow you to export the logged data from Panorama: >scp export logdb to username@hostpath >Note that you need to add a filename. An example :< > scp export logdb to email@example.com:/Users/user/filename.tar.gz Password:******* >
Gartner’s research on next-generation firewalls and how they are changing the enterprise firewall marketplace is pretty compelling. And the recommendation to migrate from traditional firewalls and IPS to next generation firewalls at refresh time is very clear. Here’s your chance to hear from Greg Young, Gartner Research VP, and one of the authors of the 2010 Enterprise Firewall Magic Quadrant. And catch the premier of what is likely to be one of the hottest movies of the year. Iron Man 2 is premiering on May 7th – and for our …
One of my colleagues recently observed that 2010 is the year when every firewall vendor jumps on the “application control” bandwagon and says they do what Palo Alto Networks does. Specifically identify and control applications. Firewall vendors are taking the path of least resistance to address the application control requirement by adding application signatures to their IPS.
When confidence scores are tied between 2 or more categories, the firewall will take the most egregious category. Here's the prioritized list of categories with the most egregious at the top: Note: Hacking, gambling, weapons, etc. are at the bottom of the list because BrightCloud analyzed these categories across a