Date

By Source

By Technology

By Services

By Audience

Displaying 9181 to 9210 of 11116

How to Change the Configuration Audit Version Limit

Overview Configuration Audit versions are useful for rolling a Palo Alto Networks firewall back to a past configuration or for the purpose of comparing the modifications made across commits. This document explains how to change the limit of saved audit versions using the WebUI and CLI. Details The Palo Alto
Ameya-Kawimandan,
  • 0
  • 0

How to Reset Template Values in Panorama

Issue Once configured, a Panorama template cannot be reset to default values Note: The templates feature in Palo Alto Networks Panorama was introduced in PAN-OS 5.0.   In this example, a high-availability profile was changed to enable HA and have GroupID 1.   Template values can generally be removed by
gwesson,
  • 0
  • 0

Cybersecurity Now Top of Mind Around the World and Network Security is Taking Center Stage

It’s no surprise that in the wake of the rapid increase in cyber attacks, governments around the world are moving towards strengthening their cyber security, and even taking steps to mandate better collaboration on security issues between the private and public sectors.
  • 0
  • 1435

How to Create an Admin Role Profile and Push to Managed Firewalls using Panorama

Overview This document describes how to create an admin role in Palo Alto Networks Panorama and push this role to managed devices. The example screenshots below represent a Panorama and devices running PAN-OS 8.0.x but also applies to previous and later versions   Steps Under Panorama > Templates, create a template
jteetsel,
  • 0
  • 0

How Many DNS Any Queries Trigger the DOS Attack or Threat ID 40033?

A Threat ID of 40033 is logged into the threat logs when the Palo Alto Networks firewall sees 500 DNS ANY queries in 60 seconds from the same source/destination.   Details Threat ID 40033 indicates that a DNS ANY Queries Brute Force DOS Attack has been detected. While an ANY
Phoenix,
  • 0
  • 2

Cybersecurity Now Top of Mind Around the World and Network Security is Taking Center Stage

It’s no surprise that in the wake of the rapid increase in cyber attacks, governments around the world are moving towards strengthening their cyber security, and even taking steps to mandate better collaboration on security issues between the private and public sectors. Here is a sample of the most recent initiatives: US – Feb-2013: Obama Orders Cybersecurity Standards for Infrastructure European Union – Feb-2013: EU Unveils New Cybersecurity Policy Italy – Jan-2013: Italian Government Approves Cybersecurity Measures to beef up strengthen online security and protect critical infrastructure from increasing cyber …
  • 0
  • 1

Box CEO Aaron Levie: ‘We’d be fine to lose’ IPO race with Dropbox

Aaron Levie, the chief executive of Box, the fast growing online file sharing company that aims to go public next year, said he’s in no race to beat competitor Dropbox to an initial public offering.
  • 0
  • 1438

What is the Significance of Global Counters?

The command show counter global provides information about the processes/actions taken on the packets passing through the device; whether they are dropped, NAT-ed, decrypted and so on.  These counters are for all the traffic and are useful in troubleshooting poor performance, packet loss, latency, and so on. Use the command
zarina,
  • 0
  • 0

How to Interpret: show system resources

The command show system resources gives a snapshot of Management Plane (MP) resource utilization including memory and CPU. This is similar to the ‘top’ command in Linux. show system resources provides information about the memory used and available and if the MP is using swap. If the swap usage remains
zarina,
  • 0
  • 10

How to Interpret: show running resource-monitor

The command show running resource-monitor gives an overview of the Data Plane (DP) CPU and buffer usage for various time intervals. The cores specified in the CPU usage output have dedicated functionalities: Core 0: used for Management Plane (MP) and Data Plane (DP) communication Core 1: used for session and
zarina,
  • 0
  • 3

How to Perform FIB Lookup for a Particular Destination

Overview This document explains how to perform a fib lookup for a particular destination within a particular virtual router on a Palo Alto Networks firewall. Steps Select the desired virtual router from the list of virtual routers configured with the command: > test routing fib-lookup virtual-router Specify a destination
sraghunandan,
  • 0
  • 2

Monitoring the Unknown

The recent New York Times attack, just like many of the other high-profile attacks over the past couple of years, demonstrated the evolution towards multi-vector, sophisticated attacks. If you haven’t enabled WildFire on your Palo Alto Networks firewalls to complement your threat prevention capabilities, it’s time to do so.
  • 0
  • 0

How to Configure Certificates for Multiple Gateways Managed by a Single Portal for GlobalProtect

Overview This document describes the steps to properly generate and apply certificates for a scenario involving multiple GlobalProtect Gateways managed by a single GlobalProtect Portal.   Steps Check licenses. Device hosting the portal should have a portal and gateway license.All the gateways managed by the portal need to have a
sraghunandan,
  • 0
  • 1

New App Has Same Name as Custom App

Issue A custom application has the same name as a new application in the latest installed content release. PAN-OS does not allow changing the custom application's name citing the newly introduced application cannot be modified.   Resolution Revert to a previous content release that does not contain the new application.
sraghunandan,
  • 0
  • 0

How to Configure MTU and MSS Settings from the CLI

Note: Enter the commands in configure mode.   MTU values can be set on the interface level. Management Interface (available in PAN-OS 5.0 and later): # set deviceconfig system mtu Dataplane Interface:  # set network interface ethernet ethernet1/3 layer3 mtu   MSS values can be adjusted only at the
Phoenix,
  • 0
  • 1

Cannot Commit when Interfaces are Set to 1000/full

Issue PAN-OS devices will not commit configurations that hard code interfaces to full duplex when speed is set to 1000.  The commit will fail with the following error:   Cause The commit fails because the Gigabit Ethernet specification requires auto-negotiation. Explicitly specifying 1000/full is technically an invalid configuration. In previous
ggarrison,
  • 0
  • 1

State of the Union: Citrix and Palo Alto Networks Roadshow

Yesterday, I had the opportunity to attend our inaugural ‘lunch and learn’ technical seminar co-hosted with our strategic partner Citrix in the beautiful, but cloudy, Portland, Oregon.  This seminar in Portland (along with a concurrent seminar that occurred in Salt Lake City) kicks off an entire series of seminars (“Ensure Performance and Security With an App-Enabled Cloud Network”) all across North America and Latin America.  The recent ‘union’ between Palo Alto Networks and Citrix didn’t just result in a lunch at a great steak restaurant (Morton’s here in Portland), but …
Dana Torgersen,
  • 0
  • 0

Antivirus Software: Fighting Blame, Not Hacks

Craig Elliott, chief executive officer of Pertino, a cloud-networking startup, knows that the antivirus software his company uses won’t deter all hacking attacks. That won’t stop him from using it. “It’s a safety blanket,” he says. “It’s CYA [cover your ass] more than anything else.”
  • 0
  • 1530

How the User-ID Agent Include/Exclude List Works

Overview The Include/Exclude list is applied to the hosts and users identified through the User-ID Agent.  The User-ID Agent tries to identify users for the IP range designated as Include. Likewise, the User-ID Agent does not identify users for the network address range designated as Exclude.   Details If the
mbutt,
  • 0
  • 0

On Gartner’s Magic Quadrant for Enterprise Network Firewalls

For those who missed it, Gartner, Inc. recently released its Magic Quadrant for Enterprise Network Firewalls and it gives me pleasure to announce that we are again positioned in the “Leaders” quadrant. If you’re interested in reading the full report and see all of Gartner’s findings, you can get it here. While the full report has a number of interesting data points about the enterprise network firewall market that are worth noting, there are three that I find particularly interesting and want to highlight to you. Gartner’s report offered guidance …
Rene Bonvanie,
  • 0
  • 1

Global Counters Show "Flow_fwd_zonechange" Packets Incrementing

Issue A vpn tunnel goes down and comes back up. A look at the global counters show that the flow_fwd_zonechange counter is incrementing. > show counter global   Cause The flow_fwd_zonechange counter indicates that the egress zone of a packet does not match the egress zone of the matching session.
pvemuri,
  • 0
  • 1

Does Panorama Support a Mixed BrightCloud and PAN-DB Environment?

  Panorama can only be configured for one of the URL DBs (BrightCloud or PAN-DB). However, Panorama includes support for auto-migration of URL categories between non-matching vendors when pushing policies to managed devices.   When a mismatch is detected between the URL DB configured on Panorama and URL DB configured
panagent,
  • 0
  • 0

Palo Alto Networks Positioned in the “Leaders” Quadrant of the Magic Quadrant for Enterprise Network Firewalls

Palo Alto Networks, the network security company, today announced it has been positioned by Gartner, Inc. in the “Leaders” quadrant of the Gartner Magic Quadrant for Enterprise Network Firewalls.[i]
Santa Clara, CA
  • 1
  • 682

How Panorama Retrieves URL Filtering Category Updates

Overview In order to create or modify the url filtering profiles which can be pushed to the managed Palo Alto Networks firewalls, Panorama needs to have a list of URL filtering categories. However, Panorama does not have a URL Filtering license, and the URL Filtering database does not appear under
Phoenix,
  • 0
  • 0

IPSec VPN Error: IKE Phase-2 Negotiation is Failed as Initiator, Quick Mode

Issue A site-to-site IPSec VPN  between a Palo Alto Networks firewall and a firewall from a different vendor is configured. Phase 1 succeeds, but Phase 2 negotiation fails.   A look at the ikemgr.log with the CLI command: > tail follow yes mp-log ikemgr.log   shows the following errors: (
vvasilasco,
  • 0
  • 6

Fan Light Turns Off After 3 Seconds on a PA 5000 Series Firewall

Symptom After replacing the fan in a Palo Alto Networks PA-5020, PA-5050, or PA-5060 firewall, the fan LED is green for 3 seconds and then turns off.   Resolution Ensure the fan is inserted with the correct orientation. When replacing the fan, the filter should be closest to the chassis
gwesson,
  • 0
  • 0

Using the Simple Network Management Protocol (SNMP) PAN-OS 5.0

Simple Network Management Protocol (SNMP) is a set of standards defined by the IETF used for network management. There are multiple versions of SNMP with differing levels of  functionality and security. SNMP is used to query device state and to send alerts about events. This Tech Note shows you how
sesco,
  • 3

How to Configure DNS Proxy on a Palo Alto Networks Firewall

Overview This document describes how to enable, configure, and verify the DNS Proxy feature on a Palo Alto Networks firewall.   Steps   On the Web UI: Navigate to Network > DNS Proxy. Click Add to bring up the DNS Proxy dialog. Select the interfaces on which DNS proxy should
sdurga,
  • 0
  • 2

Message on PA-5000 Series: Disk Pair is Degraded and Missing a Device

Symptom On a Palo Alto Networks PA-5000 Series firewall, the system logs may show the following messages: 2012/11/30 19:21:41 info     general        general 0  New Disk Pair maint detected. 2012/11/30 19:21:41 info     general        general 0  New Disk Pair sysroot0 detected. 2012/11/30 19:21:41 info     general        general 0  New Disk Pair sysroot1 detected.
ukhapre,
  • 0
  • 0

Single Sign-On (SSO) for GlobalProtect Fails from Virtualized Systems on VMware Accessed via RDP

Issue Single Sign-On (SSO) fails when using GlobalProtect (GP) on a Windows system running in a VMware virtualized environment when accessed with Remote Desktop. Cause When logged on to a VM via Remote Desktop, local credentials are not presented in the same way as a native operating system, due to
gwesson,
  • 0
  • 0
Displaying 9181 to 9210 of 11116