Date

By Source

By Technology

By Services

By Audience

Displaying 9181 to 9210 of 9935

Pushing SSL Decryption Certificates Using GPO

Overview This document describes how to use General Policy Objects (GPO) to push SSL decryption certificates to the end-user. Steps Note: Actual screen displays will vary between Windows releases and environments. Export the SSL-Decryption certificate from the Palo Alto Networks firewall. Create a GPO profile. Import the SSL-Decryption cert to

nrice,
  • 0
  • 0

Application Usage Risk Report May 2011 - Country Specific

The Application Usage and Risk Report (7th Edition, May 2011) from Palo Alto Networks provides a global view into enterprise application usage by summarizing 1,253 application traffic assessments conducted between October 2010 and April 2011. The key findings and observations both globally and by specific countries are outlined in this report.

Palo Alto Networks, Santa Clara, CA
  • 0
  • 107

Configuring IPSec VPN between PAN-OS and Check Point Edge / Safe@Office

Overview This document outlines the basic steps involved in establishing a tunnel between a Palo Alto Networks device and a Check Point UTM-1 Edge.  The UTM-1 Edge might also be referred to as VPN-1 Edge, SofaWare, or Safe@Office appliances.  All the named Check Point devices run SofaWare’s Embedded NGX code. 

nrice,
  • 0
  • 0

Updater Error Codes

The following is list of possible codes returned should the auto update agent fail to download the latest Content version. The updater error code is viewable in the ms.log in the Tech Support file. The codes are: case -1: return "generic communication error" case -2: return "command error" case -3:

nrice,
  • 0
  • 0

WikiLeaks: The Face of a Modern Power Struggle

The ongoing WikiLeaks saga has been one of the most intensely covered stories in information security, and for good reason. It involves the exposure of damaging national secrets; has ignited fresh debates about the freedom of information, and has a very willing villain/hero in Julian Assange who is all too happy to hold the spotlight. However, for all of these same reasons it is easy to be lured into following the narrative of WikiLeaks, while missing the very real lessons and warning signs for enterprise security.

  • 0
  • 0

Technical Details Regarding PPPoE Support

Details Basic Information RFC1661 and RFC2516 are supported Per physical-interface configuration The maximum number of PPPoE instances on a device is the number of physical interfaces of the device Only one PPPoE instance can be configured on each physical interface Note: Cannot configure PPPoE on a VLAN tagged sub-interface PPPoE

kmiwa,
  • 0
  • 0

FileType list with the Threat-ID number

Here is the FileType list with Threat-ID as of May, 2017. *The Description for each File Type does not included on this page due to contents size limitation.   ID Name File Type Name Min Version Scope File Type Direction 52000  Microsoft PowerPoint  ppt  1.0.1  session  both 52001  Microsoft Word

nrice,
  • 0
  • 1

Error Message After Software Upgrade: "System Initializing; Please Wait"

Issue After attempting a software (PAN-OS) upgrade, the Palo Alto Networks firewall displays the error on the console: "System Initializing; please wait". This is followed by a continuous reboot cycle. Resolution Perform factory reset on the Palo Alto Networks firewall. See: How to Factory Reset a Palo Alto Networks Device.

nrice,
  • 0
  • 0

Configuration Hardening Guidelines

Palo Alto Networks devices are designed and built with security in mind but as with any network computing device it is important to avoid certain pitfalls when performing configuration tasks. Below are a few guidelines that will assist the administrator in ensuring that their Palo Alto Networks device is properly

nrice,
  • 0
  • 2

Twitter Moves to SSL

Twitter has recently joined the ranks of fellow social media giants Facebook and Google by moving to more widespread and defualt use of SSL to protect their end-users’ information. Twitter announced on their blog that users can set a preference to secure all Twitter communication via HTTPS, which will in time become the default setting for the Twitter service. You can read the Twitter blog here: http://blog.twitter.com/2011/03/making-twitter-more-secure-https.html This shift highlights a very real and important challenge for enterprise security that boils down to this:

  • 0
  • 0

RSA Breach Opens Door for New Security

RSA, the security division of EMC, is trying to contain the damage caused by hackers who penetrated its network and compromised technical specifications for its SecurID token-based multifactor authentication system.

  • 1
  • 1125

Spare Hard Drives for the PA-2000 Series

The hard drives for the PA-2000 series devices are swappable, but there are some caveats listed below: Does the drive come preloaded with a version of PANOS? Yes, A version number will be asked for at the time of the RMA and the spare HDD will come pre-loaded with that

nrice,
  • 0
  • 0

GlobalProtect Data File

The GlobalProtet data file, located on the Device tab > Dynamic Updates contains the OPSWAT file that lists the vendors to be used in the HIP object configuration. A valid Global Protect Gateway and Portal license is necessary, and the download schedule needs to be configured before automatic updates can

nrice,
  • 0
  • 0

Custom App-IDs for March Madness

It’s that time of year again when college basketball takes center stage in America – brackets are filled out, fretted over, and filled out again. Otherwise sane and reasonable coworkers morph into die-hard superfans, and full-grown men begin having serious debates about Cinderella. They call it March Madness for a reason. It is also the time of year when IT and network teams brace for the surge of network traffic as employees tune in to watch the games on-line. This year the impact is likely to be largest ever as …

  • 0
  • 0

Time Stamps in the Logs

When creating a policy rule, there is an option to log the session at session start, session end, both or none. Two terms will show up in the logs that are easily confused Session start time - time at which the session started Receive time - time at which the

nrice,
  • 0
  • 0

Top Global Advertising Agency Selects Palo Alto Networks to Safely Enable Application Access

DDB Amsterdam Increases Application Visibility and Control, Improves Security and Accelerates Speed-to-Market with Next-Generation Firewalls

  • 1
  • 251

Using Native Microsoft Tools to Request Certificates for Palo Alto Networks Firewalls

Microsoft provides a tool, certreq.exe, with its certificate server, to create and submit certificate signing requests (CSR) to a Microsoft certificate server. These tools can be used in place of openssl for environments that use a Microsoft CA. The commands can be used from any domain member system. Certreq requires an

nrice,
  • 0
  • 0

RADIUS Vendor-Specific Attributes (VSA)

Overview This document explains the RADIUS Vendor Specific Attributes (VSA) used with the Palo Alto Networks Next Generation Firewalls and Panorama server. The configuration on the Palo Alto Networks device and Panorama server are identical. Note: Palo Alto Networks uses the vendor code: 25461   There are 5 attributes: PaloAlto-Admin-Role:

nrice,
  • 0
  • 1

How to Configure Kerberos Authentication in PAN-OS

Details Configuring a Kerberos server allows users to authenticate natively to a domain controller. When the Kerberos settings are configured, Kerberos becomes available as an option when defining authentication profiles. Recommendations for configuring Kerberos are provided below: DNS Entries If using Active Directory, it is easiest to use the AD

nrice,
  • 0
  • 0

Palo Alto Networks Targets Data Center and Remote Workforce Opportunities with New Hardware and Software

As enterprises look to extend visibility and control of all traffic and threats to their data centers and remote workforce, Palo Alto Networks once again innovates and delivers

  • 0
  • 495

SSH tunneling Control

The Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network.  SSH allows tunneling, which can be used to subvert firewalls and breach security policies. Users can "sneak through" a firewall by hiding applications that the firewall would normally block, wrapping

jpa,
  • 0
  • 0

Can I issue block pages over SSL?

Yes.  For URL filtering, file blocking, and antivirus profiles, you can automatically issue a block page by setting the policy action to "block".  In order to issue a block page over SSL, you must also enable SSL decrypt.  For more information on how to do this, please refer to the

dyang,
  • 0
  • 0

What Information is in the System Logs?

System Log Fields: Type The purpose of the type field is to provide general categorization of events. This will typically be the feature that is related to the event (routing, vpn, ha, authentication, etc.) Severity Each event has an associated severity. The intent of the severity is to give the

nrice,
  • 0
  • 1

How To Protect a Web Server from a DoS Attack

Details It is possible to configure a Denial-of-Service (DoS) protection policy for a server. In the example below, users from the Internet are accessing the server, 1.1.1.10, which is NATed to 192.168.1.10. The DoS policy will be configured to protect the server with a maximum of 20000 sessions and 1000

nrice,
  • 0
  • 0

SNMP for Monitoring Palo Alto Networks Devices

Overview The lists below show OIDs for Palo Alto Networks Devices and useful OIDs from various MIBs for performing basic SNMP monitoring of the Palo Alto Networks device.   OIDs for Palo Alto Networks Devices PA-200: 1.3.6.1.4.1.25461.2.3.12 PA-500: 1.3.6.1.4.1.25461.2.3.6 PA-2020: 1.3.6.1.4.1.25461.2.3.4 PA-2050: 1.3.6.1.4.1.25461.2.3.3 PA-3020: 1.3.6.1.4.1.25461.2.3.18 PA-3050: 1.3.6.1.4.1.25461.2.3.17 PA-4020: 1.3.6.1.4.1.25461.2.3.2 PA-4050:

Teresa,
  • 0
  • 3

SYSTEM ALERT : medium : DP DDR0 ECC single 0, double 2, dimm 0, rank 1, bank 2, row 0x1435 column 0x440

On most systems, ECC error messages similar to the following in the dp-console and system logs are a good indication that there is a system memory problem with a failed DIMM. Replacing the device is usually required. However, on the PA-500 series, the error could also indicate that software is

nrice,
  • 0
  • 1

How to Import Palo Alto Networks Firewall Configurations into Panorama

Overview This document describes how to manually import the policies of an existing Palo Alto Networks firewall into Panorama.  Addresses, address groups, services and policies will be imported so the same policies can be applied to other firewalls that are managed by Panorama. Assumptions You have a PAN firewall that

nrice,
  • 0
  • 1

What is the Cable Length Supplied with a Device?

Ethernet Cable (UTP): White color code Category 6 (550MHz) 7 ft (2.13 m)   Console Cable: 6 ft (1.83 m) DB-9 Female to DB-9 Female (for PA-4000 series) DB-9 Female to RJ-45 (for PA-500/2000 series)   owner: kmiwa

kmiwa,
  • 0
  • 0

Changing the Time Frame for a Report Stats Dump

Overview The Report Stats Dump, found on the Palo Alto Networks firewall Device tab > Support , will only record the past 7 days from the current time by default.  The stats dump provides the data used for the "Application, Visibility and Risk Report" compiled by Palo Alto Networks for

nrice,
  • 0
  • 0

Summary of User-ID Agent to Firewall Communication

Though the communication is constant, there is very little bandwidth used for the traffic between the Palo Alto Networks firewall and the User-ID Agent or PAN-Agent.  The summary below indicates the frequency of various queries: Every 2 seconds Get new user/IP mapping from the agent. Used to retrieve new user/IP

nrice,
  • 0
  • 0
Displaying 9181 to 9210 of 9935