Two signatures exist for data filtering: Credit Card: the device will look for 16 digit numbers and will run thru a hash algorithm. It must match the hash algorithm before detecting this as a Credit Card number. This method has less false positive. Social Security Number: is detected as any
Overview For max-packet-rate, the unit is kilobytes per second: set deviceconfig setting logging max-packet-rate 250 For max-log-rate, the unit is counts per second: set deviceconfig setting logging max-log-rate 250 The current values can be checked with the show system setting logging command. For example: > show system setting logging Max.
There is explosive growth in global social networking and browser-based file sharing on corporate networks, with a 300 percent increase in active social networking (e.g., posting, applications) compared with activity during the same period in the latter half of 2010, according to research published by Palo Alto Networks.
A new study by network security firm Palo Alto Networks shows "explosive" growth in the use of social networks in the workplace, with a 300 percent increase in social media activity in the latter half of 2011 compared with the same period of 2010.
Overview Saving a config change is basically saving the xml configuration to a file. It doesn't apply the changes into the current config. Commit is basically save and apply the changes. You always need to commit the configuration change to see the effect of the change. If the changes are
Overview To allow Ping and other management traffic, configure an Interface Management Profile and apply it to the interface. Steps Go to Network > Network Profiles > Interface Mgmt Create a profile allowing ping: Go to Network > Interfaces and assign the profile, created above, to the interface under the
To check the current setting (default value=true) > show session info | match non-SYN TCP - reject non-SYN first packet: True To enable the rejection of Non-SYN TCP packets, run the following CLI command: > set session tcp-reject-non-syn yes Note: The above command will not be permanent unless issued
The following is what occurs on a HA sync-to-peer (in PAN-OS 4.0 and 3.1): A transform is done on the running/candidate xml locally The transformed config is transferred over a socket from mgmtsrvr to ha_agent (start of timeout period) ha_agent transfers this config to the peer ha_agent (call it ha_peer)
Symptom Here is an example of a full alarm message: Current size (57197 MB) of traffic log database exceeds alarm threshold value(90%) of total allowed size(63072 MB). Issue Logs are purged when the quota size is exhausted, which is why it has been recommended to set the overall quota
Issue On the Device Tab > Setup, there is an active Session Rematch. Doing a commit force is not rematching the sessions. Resolution Rematch session applies only to security policies and not any other policy. Rematch session only happens when there is a policy change. To view a list of
Issue If a user authenticates successfully as the logs say, why is the domain not shown in the command: show global-protect-gateway current user? Resoltuion The DNS domain name might not work since the Palo Alto Networks firewall is looking for the domain name associated with the AD machine account name,
When the Interface setting is hard coded, the auto duplex discovery will be disabled. Therefore, on some devices a cross-over cable may be needed, depending on how the hardware wiring is set up for the transmit and receive pairs. owner: panagent
Issue Receiving the following error message on commit: device: nat rule 'NAT_rule': Mismatch static-ip address range between original address and translated addressFailed to parse nat policyCommit failed Cause Using a subnet /24 to translate to one static IP. This is not allowed or supported. Resolution Need to use
When configuring a Cisco ASA key-id field, how do you determine the correct value to put in the PAN IKE peer KEYID field? The Cisco-ASA allows any ASCII string input. This ASCII string key-id must be converted to hexadecimal before using it in the PAN’s dynamic IKE Peer KEYID field.
This document examines the interaction of multiple user accounts that are used by the same employee for different tasks and how User Identification can be used in this scenario. This document applies to all versions of PAN-OS through 4.1. owner: npiagentini