Date

By Source

By Technology

By Services

By Audience

Displaying 9421 to 9450 of 10467

How to Determine the Number of Rejected Non-SYN TCP Packets

To check the current setting (default value=true) > show session info | match non-SYN   TCP - reject non-SYN first packet:             True To enable the rejection of Non-SYN TCP packets, run the following CLI command: > set session tcp-reject-non-syn yes Note: The above command will not be permanent unless issued

panagent,
  • 0
  • 0

What happens on a HA sync-to-peer?

The following is what occurs on a HA sync-to-peer (in PAN-OS 4.0 and 3.1): A transform is done on the running/candidate xml locally The transformed config is transferred over a socket from mgmtsrvr to ha_agent (start of timeout period) ha_agent transfers this config to the peer ha_agent (call it ha_peer)

panagent,
  • 0
  • 1

How to Eliminate Alarm Message: Log Database Exceeds Alarm Threshold Value

Symptom Here is an example of a full alarm message: Current size (57197 MB) of traffic log database exceeds alarm threshold value(90%) of total allowed size(63072 MB).   Issue Logs are purged when the quota size is exhausted, which is why it has been recommended to set the overall quota

panagent,
  • 0
  • 0

Commit Force not Triggering Session Rematch

Issue On the Device Tab > Setup, there is an active Session Rematch. Doing a commit force is not rematching the sessions. Resolution Rematch session applies only to security policies and not any other policy. Rematch session only happens when there is a policy change. To view a list of

panagent,
  • 0
  • 0

Domain Check in HIP Profile

Issue If a user authenticates successfully as the logs say, why is the domain not shown in the command: show global-protect-gateway current user? Resoltuion The DNS domain name might not work since the Palo Alto Networks firewall is looking for the domain name associated with the AD machine account name,

panagent,
  • 0
  • 0

Is a cross-over cable required with Hard Coded Speed/Duplex Settings?

When the Interface setting is hard coded, the auto duplex discovery will be disabled.  Therefore, on some devices a cross-over cable may be needed, depending on how the hardware wiring is set up for the transmit and receive pairs.   owner: panagent

panagent,
  • 0
  • 0

NAT Rule Error: Mismatch Static IP

Issue Receiving the following error message on commit: device: nat rule 'NAT_rule': Mismatch static-ip address range between original address and translated addressFailed to parse nat policyCommit failed   Cause Using a subnet /24 to translate to one static IP.  This is not allowed or supported.   Resolution Need to use

panagent,
  • 0
  • 2

Palo Alto Networks Appoints Mark Anderson as Senior Vice-President of Worldwide Field Operations

Palo Alto Networks Appoints Mark Anderson as Senior Vice-President of Worldwide Field Operations

Santa Clara, CA
  • 0
  • 1108

How to determine the correct value to put in the PAN IKE peer KEYID field?

When configuring a Cisco ASA key-id field, how do you determine the correct value to put in the PAN IKE peer KEYID field? The Cisco-ASA allows any ASCII string input. This ASCII string key-id must be converted to hexadecimal before using it in the PAN’s dynamic IKE Peer KEYID field.

panagent,
  • 0
  • 0

Elevated Privileges and User ID in Active Directory Environments

This document examines the interaction of multiple user accounts that are used by the same employee for different tasks and how User Identification can be used in this scenario. This document applies to all versions of PAN-OS through 4.1. owner: npiagentini

panagent,
  • 0
  • 1

Applications that can be used in Data Filtering Profiles

Overview The following applications can be used inside Data Filtering profiles: 2ch-posting 4shared 51.com-base 51.com-bbs 51.com-mail 51.com-posting 51.com-webdisk ad-selfservice adobe-meeting adobe-online-office adrive aim-express-base aim-mail akamai-client amazon-cloud-drive amazon-cloud-drive-base amazon-cloud-drive-uploading amazon-cloud-player ameba-blog-posting ameba-now-base ameba-now-posting any apple-appstore ariel avaya-webalive-base babylon backpack-editing badongo badoo baidu-webmessenger batchbook bebo-mail bebo-posting bigupload blackboard blog-posting bonpoo boxnet-base boxnet-editing

panagent,
  • 0
  • 2

Report: Facebook Usage at Work Is Still Risin

Companies that are still fighting to keep their employees from using Facebook are apparently losing the battle, with games from Zynga scoring some significant victories, according to the latest research from Palo Alto Networks.

  • 0
  • 1047

Facebook Luring Employees to Hog Bandwidth

Social-network users are hogging more computer-network bandwidth -- from the cubicle next door.

  • 0
  • 987

Employees Three Times More Active on Social Networking Applications Than Previous Year

Employees Three Times More Active on Social Networking Applications Than Previous Year

Santa Clara, CA
  • 0
  • 136

Zynga Rises As Rivals Falter

  • 0
  • 897

How to allow/block Dropbox application

Dropbox has both a web browser interface and a desktop client (a special folder). Traffic from both the interfaces is SSL based and is identified as ‘dropbox’ App-ID. To identify uploads and downloads: Configure a SSL decryption rule for the traffic and inspect the content inside. With the browser interface,

panagent,
  • 0
  • 1

What order does the PAN use to check for URL categories?

The order in which the device checks for URL categories is as follows: Block list Allow list Custom categories Device cache BrightCloud downloaded database Cloud lookup (if enabled) Note: If you've included a specific URL in a block list, it will always be blocked, regardless of how it is categorized

panagent,
  • 0
  • 1

Where are the HTTP/HTTPS timeout values set?

On the Objects tab, select Applications. Search for web-browsing and then open it to view and adjust the TCP/UDP timeout values.   owner: panagent

panagent,
  • 0
  • 0

How to disable State Synchronization in HA (Active/Passive)

Palo Alto Newtworks Tech Support recommends disabling the State Synchronization feature on the active device first. Then disable this feature on the passive device. If you disable this feature on the passive device first, it will cause the active to become non-functional and initiate a failover. owner: panagent

panagent,
  • 0
  • 1

Can QoS Classes be Modified to Use Names Instead of Numbers?

No. The QoS class is predefined as a number from 1 to 8. There is no option available to change the QoS class number to a name.   owner: mzhou

panagent,
  • 0
  • 0

How does the PAN Handle Packets that Arrive out of Order?

Q: How does the PAN Handle Packets that Arrive out of Order? A: If packets arrive out-of-order they will be buffered to order them. Q: How does the PAN handle cases in which stream-based inspection poses special difficulties. Example: TCP and UDP packets may arrive out of order (which is

panagent,
  • 0
  • 0

Which has precedence Interface Management Profiles or Security Policies?

The security policy will take precedence over the Interface Management Profile. owner: panagent

panagent,
  • 0
  • 1

Troubleshooting URL Filtering issue

Issue Sites are being blocked by the policy using custom URL block list. Sites not blocked by custom URL block list but belong to blocked categories are not being blocked. Resolution Verify the URL database has been downloaded by checking under Device > Dynamic Updates. The version should not be

panagent,
  • 0
  • 3

Is SSL Decryption Set up on a Per-Rule Basis?

Question: Is SSL Decryption Set up on a Per-Rule Basis?   Answer: Yes, the SSL decryption rules are a separate rule base and are created, configured and processed on a per rule basis. Rules are located under: Policies > Decryption   owner: panagent

panagent,
  • 0
  • 0

SSL Decryption Not Working due to Unsupported Cipher Suites

Issue With Inbound SSL decryption, after the required configuration and import of all required certificates, the inbound SSL decryption is not working on the web server.   Similarly when using SSL Forward Proxy, sessions are either not getting decrypted and continue to show as application"ssl", or connections are not allowed

panagent,
  • 0
  • 1
Displaying 9421 to 9450 of 10467