Issue After the server details have been entered, the firewall will attempt to get the Base DN automatically. In cases where the firewall could not get the information, an "Unable to fetch data. Server may be unreachable" error will occur. Resolution To resolve this issue, please check the following items:
PAN-OS 5.0, 6.0 Overview Palo Alto Networks firewall will, by default, reject the first packet that does not have the SYN flag turned on as a security measure. Normal TCP connections start with a 3-way handshake, which means if the first packet seen by the firewall is not the SYN
Under Monitor > Manage Custom Reports, click Add. Once the window opens, the following template can be configured to have a report generated for the last 30 days for vulnerability only. Query builder inclusion gives the option to only include vulnerability in the reports: Connector == 'and' Attribute == 'Type'
Details When a Palo Alto Networks firewall has access to two or more service providers, creating an inbound NAT rule has to be done differently because inbound traffic might come from either ISP. For this example, Public IP address to be used from ISP "A" will
This file is the Palo Alto Networks RADIUS dictionary that installs on a RADIUS server and defines authentication attributes needed for communication between a Palo Alto Networks firewall and the RADIUS server. Refer to the documentation for the RADIUS server software you will be using for instructions on where the
Issue The SIP traffic gets dropped after a two hour session and needs to be reconnected. At the two hour mark, the keep-alive packets are dropped for TCP port 5060. Cause If the firewall does not see traffic on an established session, it will continue to count down the session Time-To-Live
The following list provides items that are synchronized between peers: Through the HA1 link: Configuration (both devices must be running the same OS version to synchronize configuration) Policy, Objects, and Network Tabs (including VR sync (when not employing dynamic routing protocols), QoS, User-id, and routing info) App-ID and Content-ID (if
Steps to provide Quality of Service (QoS) for a single IP address or group of IPs. Create a profile. Device > Network > QoS Profile I have created 2 classes each for 2 different users and they have different bandwidth restrictions as shown below. Assign the profile
While information security is about protecting your customers from a wide range of threats, the chief marketing officer of Palo Alto Networks is cautioning his channel partners against marketing based on fear.
Symptoms Dynamic update attempts result in the following error: "failed to get a response from the device server" Issue Device / Setup / Services / Service Route Configuration is where administrators can configure which IP is used when downloading updates. By default, this will be the management interface
When a default action is changed, the vulnerability has to be enabled for it to take effect. This default action can also be changed through CLI in configure mode: # set profiles vulnerability threat-exception action owner: sdarapuneni
Symptom Panorama, deployed as either the Palo Alto Networks M-100 device or as a virtual appliance, stops receiving logs from Palo Alto Networks firewalls. The traffic and threat logs can be viewed when looking directly on the firewalls, but are not visible on Panorama. Details The Palo Alto Networks
Previous versions of the User-ID software had separate lists for included and excluded networks. User-ID 4.1 now has both lists merged into a single list. This list is evaluated from the top down and in case of contradictions, the include list will take precedence and for that reason, in most
Over the years, many of you have been asking us when we’ll host our first global user conference. At last, we have very good news for you! This November 12-14 in Las Vegas, we welcome you — our current and future customers and partners — to the Palo Alto Networks Ignite Conference 2012. Based on your feedback, Ignite will be about customer collaboration — an opportunity to learn, share, and inspire each other. And as you may know by now, we at Palo Alto Networks never do things half-hearted, so …
Issue Dynamic Updates fail with the following error message: "content update failed with the following messages: Image File Authentication Error Failed to extract rpm file /opt/pancfg/mgmt/content-images/tmp/panupv2-all-contents-313-1422.tgz". Manually installing the update package will also result in the same error. Resolution There are 3 different ways to resolve this issue.
If the ACC logs show information on a Denial of Service attack but no information is found in the threat log, enable zone protection on the public interface. Note: The goal of a denial of service attack is to bring down a network by sending a lot of requests. Those
Symptoms After connecting the firewall to a modem that provides an IP address through DHCP and creating a default route that points to the modem, the commit fails. Issue By default, when configuring an interface to get an IP address from a DHCP server, the option to automatically create
Issue When attempting to manually configure the link speed of a 10Gb interface, the options available are 1000 and auto. Resolution As is the case with gigabit interfaces, 10Gb interfaces should be set to Auto and connect to a device which is also set to Auto negotiate. The
Here in the states, the excitement around the 2012 Olympics is building rapidly as we watch the U.S. Olympic team trials for track and field, swimming and gymnastics. The competition is an amazing teaser to what is coming in late July. Unbeknownst to many, NBC has established an agreement with YouTube to stream the Olympics in their entirety – amounting to approximately 3,000 hours of online content. If the current volume of streaming media and photo application usage is any indication, where’s my bandwidth? may be asked regularly by network …
This issue is often seen when using the Putty terminal client to connect to the serial console, due to insufficient CLI terminal dimensions. Resolution Run the following commands via the CLI: > set cli terminal height 500 > set cli terminal width 500 The following snapshot depicts the changed output
Symptoms Users on workstations that recently got an IP address from the DHCP server aren't able to use the internet. After a period of time, connectivity gets established and users can now access the internet. Issue Palo Alto Networks firewalls can handle a fixed number of ARP entries in the
Overview When a user has a configuration lock, it is not possible to perform a commit or push a policy from Panorama. If the administrator is not available to remove the lock, a device WebGUI or CLI command can be used by a superuser to force the removal of the