When the Palo Alto Networks device is configured to decrypt SSL traffic going to external sites it functions as a forward proxy. In this scenario the Palo Alto Networks device intercepts the client SSL request and generates a certificate on the fly for the site the client was visiting.
Steps To identify a URL being incorrectly reported as malware by the Palo Alto Networks device, the following information should be provided: URL of site. Which URL database is being used? > show system setting url-database Which PAN-OS and DB version is in use? > show system info Verify that
Symptoms When using a source NAT with dynamic-IP allocation, an error response is received on some Web portal links. In this specific case the user was able to login to the PAN Support Portal, but received the following error when attempting the link to KnowledgePoint. This issue can also occur
Overview Dead Peer Detection (DPD) refers to functionality documented in RFC 3706, which is a method of detecting dead Internet Key Exchange (IKE/Phase1) peers. Tunnel Monitoring is a Palo Alto Networks proprietary feature that verifies traffic is successfully passing across the IPSEC tunnel in question by sending a PING down
The RSA Conference is wrapping up, and it was a much more upbeat experience than the past couple of years. Exhibitors were happy with the booth traffic, many interviewed executives reported sizable year-over-year revenue gains, and most were optimistic about prospects for the balance of 2010.
The following alert occurs when a new content version is installed on the Palo Alto Networks device. An email alert is sent upon completion of the database compilation to let the administrator know that new content has been applied. domain: 1 receive_time: 2010/02/25 14:16:20 serial: 0002A100577 type: SYSTEM
Palo Alto Networks suggests using the following settings for port allocation on the Terminal Server Agent: If the Port Allocation Start Size per User is set to 400 and the Port Allocation Maximum Size per User is set to 4000, each time a user takes up 400 ports the
Overview Before installing the Terminal Server (TS) Agent, make sure that the following requirements are met: Verify the requirements in the Release Notes of the version of Terminal Server (TS) Agent to be installed. The administrator on the terminal server needs to install the TS Agent. The TS Agent
Overview This document describes useful commands for verifying and troubleshooting DHCP. Details To display and clear DHCP leases: >show dhcp server lease all ( or specify interface) interface: ethernet1/4 ip mac state duration lease_time interface: ethernet1/10 ip mac state duration lease_time 192.168.89.100 00:18:8b:b2:1b:b6 committed 0 Mon Dec 14 08:43:10
When setting up a VMWare client to support Panorama, block sizes allowed by VMWare should be taken into consideration. While VMWare can add additional disk space to the existing volume at a later date, the PAN-OS which runs Panorama uses MakeFS to format a partition of a fixed size so
Next-generation firewalls from Palo Alto Networks combine three identification technologies to provide the unprecedented visibility and policy control over applications, users and content – all in a high-performance firewall platform.
Details Although it's not possible to import a custom logo for the captive portal block page, the browser can be redirected to a site with a file containing the logo. The browser must be able to reach the file in order for this procedure to work. An example of a
Details Run the following CLI command to view the system limits on a Palo Alto Networks device: > show system state filter cfg.general.max* Sample output from a PA-4020 firewall: > show system state filter cfg.general.max* cfg.general.max-address: 10000 cfg.general.max-address-group: 1000 cfg.general.max-address-per-group: 500 cfg.general.max-appid-pkts: 65536 cfg.general.max-appinfo2ip-entry: 8192 cfg.general.max-arp: 20480 cfg.general.max-blacklist: 25000
In most cases, this is caused by objects that are referenced in the policy but have not been committed yet. To get around this: Restore to the running configuration (details below). Make the same changes, but commit regularly and after creating the new objects. This will assure that the
The Palo Alto Networks firewall uses the Luhn algorithm, the most commonly used algorithm to verify credit card numbers. This method allows the firewall to recognize a valid credit card number from a regular number containing the same number of digits.
This is expected behavior. Gnutella is the program from which many peer-to-peer file sharing apps are sourced, which includes Limewire. The firewall identifies and classifies the related programs as Gnutella. Applications based on Gnutella are listed below. When any of these apps are detected, they will be classified as
The Palo Alto Networks firewall sources the BrightCloud download from the out-of-band management interface. If the management interface does not have access to the internet, or if it is being blocked by the firewall, an error message similar to the one below may be received: 2010/02/22 00:40:11,0003A100585,SYSTEM,general,0,2010/02/22 00:40:11,,unknown,,0,0,general,medium,Dynamic URL connection
Details The following command can be used to monitor real-time sessions: > show session info ------------------------------------------------------------------------------- number of sessions supported: 131071 number of active sessions: 7501 number of active TCP sessions: 5503 number of active UDP sessions: 1980 number of active ICMP sessions: 16 number of active BCAST sessions:
PAN-OS: 5.0, 6.0, 6.1 Overview This document describes how to view the configuration in "set" and "xml" format from the CLI on the Palo Alto Networks firewall. Steps Run the following command to view the configuration: "set" format: > set cli config-output-format set "xml" format: > set cli
PAN-OS 3.1.0 and later: The following CLI commands clear the cache: App-ID debug dataplane reset appid cache cache statistics statistics unknown-cache Clear all unknown cache in dataplane SSL debug dataplane reset ssl-decrypt certificate-cache Clear all proxy certificate cache in dataplane certificate-status Clear all proxy certificate CRL status
The User-ID software reads user and group information from an Active Directory server and forwards the learned information to a Palo Alto Networks firewall to allow using domain user and group-based policies. This document covers the configuration required when NetBIOS probing is disabled. Disabling the NetBIOS probing option is recommended when the
Overview Static ARP (Address Resolution Protocol) entries reduce ARP processing and preclude man-in-the-middle attacks for the specified addresses. Steps Navigate to the ARP entry configuration: On the WebGUI, go to Network > Interfaces > Ethernet. Select the appropriate L3 interface. Click Advanced. Click ARP Entries. From the CLI
Overview Policies can be set to perform configured actions on session traffic at scheduled times and days. Steps On the WebGUI, go to Objects > Schedules then click Add. Choose daily, weekly or non-recurring. To select multiple days during the week, choose weekly, day of week, start time, end time,
Details If a packet larger than the configured MTU (Maximum Transmission Unit) is received, and the DF (Don't Fragment) IP option is set, the firewall returns an ICMP "frag-needed" message, notifying the sender that a smaller MTU is needed. For more information, see Scenario A in How the Palo Alto
Overview When committing a configuration change on a managed Palo Alto Networks device through Panorama, the following occurs: The managed device validates the configuration, adds it to the job queue, and sends a jobID back to Panorama. The browser will then request status of the commit job and indicates progress
The first quarter of every new year brings out a flurry of reports summarizing the previous year's activity, and as a member of the security community I download and actually read many of them, if for no other reason than to see what other vendors are saying, be they competitors or otherwise. One report that recently caught my eye was the Top 10 Vulnerabilities Leading to Compromise from Trustwave.
Details To revert to a previous configuration from GUI: For PAN-OS 5.0 and above: Open the Device > Setup > Operations Click on a command from the Load or Revert section on the page. Commit To load a previously saved configuration from the CLI: > configure # load config
Details The show user group name CLI command displays the User-ID Agent group membership associations. For example: > show user group name "cn=testgroup,cn=users,dc=paloaltonetwork,dc=com" source type: service source: test-paloaltonetwork paloaltonetwork\user1 paloaltonetwork\user2 paloaltonetwork\user3 paloaltonetwork\user4