Date

By Source

By Technology

By Services

By Audience

Displaying 9961 to 9990 of 11258

How to use Deployment in Panorama

Panorama allows firewall administrators to push (deploy) software or update packaged from a central location. This document offers details on how to use Panorama to deploy the following packages Licenses Client Software Dynamic Updates PAN-OS Software To deploy licenses: Panorama > Device Deployment > Licenses To deploy Software: Panorama >
Phoenix,
  • 0
  • 1

ospf export tag

Issue After configuring OSPF with redistribution, the commit succeeds but a warning message about the tag is displayed. Resolution The OSPF export tag is configured under Network > Virtual Routers > OSPF > Export Rules. The tag value (if specified) should be 32 bit, not an integer. If the required
zarina,
  • 0
  • 0

SCADA and your Data Center

  • 1
  • 1929

What is HA-Lite on Palo Alto Networks PA-200 and VM-Series Firewalls?

HA-Lite is the name of the high-availability feature on the PA-200 and VM-Series firewalls. It offers a lighter version of the HA capabilities found on the other Palo Alto Networks hardware platforms. A limited version of HA is necessary on PA-200s because of the limited number of ports available for
apasupulati,
  • 0
  • 1

SCADA and your Data Center

Over the last few months, discussions on cyberweapons targeting critical infrastructure have increased. Most of the discussions have centered around attacks to Industrial Control Systems (ICS) such as SCADA (Supervisory Control and Data Acquisition) systems. First a little something about Industrial Control Systems and SCADA as they are used quite interchangeably. Industrial Control Systems are the control systems used in manufacturing processes for industries such as electrical, water, oil, and gas. They encompass supervisory and control data acquisition systems like SCADA, Distributed Control Systems (DCS) and Programmable Logic Controllers (PLCs). …
  • 0
  • 2

How to Swap Pre-Rules and Post-Rules in Panorama

Steps To change pre-rules into post-rules, or vice versa: Export the configuration from Panorama Open the file with a text editor Rules are split into two sections (pre and post). Cut/Paste rules from/to the desired sections Import the configuration in Panorama Run a Commit from the firewalls Push the policy
shasnain,
  • 0
  • 0

Proxy-ID for VPNs Between Palo Alto Networks and Firewalls with Policy-based VPNs

Difference between policy-based VPNs and route-based VPNs are: Policy-based VPNs                                                                                                                                                                        The IPSEC tunnel is invoked during policy lookup for traffic matching the interesting traffic.                                   There are no tunnel interfaces. The remote end of the interesting traffic has a route pointed out through the default gateway.                                 As there are no tunnel
kprakash,
  • 0
  • 2

Surfing the Log Files

If you’re like me, there’s a perfect hour that happens right after the kids go to sleep. Your spouse settles down to read a book, and you have the remote control to the television all to yourself. With no plan for what to watch, how do you find something that you’re interested in seeing?
Brian Tokuyoshi,
  • 0
  • 1

Coverage Information for Microsoft Security Advisory (2719615)

Summary Microsoft has published a Security Advisory (“Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution”) that discloses a new critical vulnerability in Microsoft XML Core Services (CVE-2012-1889) affecting Internet Explorer, Office 2003 and Office 2007. Complete information from Microsoft is available at http://technet.microsoft.com/en-us/security/advisory/2719615. Coverage Information In response to this advisory, Palo Alto Networks has released an emergency content update (version 314) that provides detection of attempted exploitation of the vulnerability described in this advisory. The following signatures have been added to detect exploitation of this vulnerability: Severity ID Attack Name CVE ID …
Taylor Ettema,
  • 0
  • 0

Palo Alto Networks Expands Global Reach in Latin America

Leading Next-Generation Firewall Company Opens Offices in Brazil and Mexico
Santa Clara, CA
  • 0
  • 1790

Can "Any" be Set as Destination for Inbound NAT Rules?

Overview Can "Any" be Set as Destination for Inbound NAT Rules? No. For inbound NAT rules, a destination IP address needs to be configured so that the firewall can answer ARP requests for that IP address, and it knows to accept that connection and forward it appropriately. When attempting to
npare,
  • 0

Commit Error: 'Number of dynamic-ip-and-port rules (x) exceeds vsys capacity'

Issue While attempting to commit changes, the following error message is displayed:   Error: Number of dynamic-ip-and-port rules (451) exceeds vsys capacity (450) Error: Failed to parse nat policy (Module: device) Commit failed   Note: This error will occur when too many rules are in place, but the first number
npare,
  • 0
  • 0

SSL Decryption Not Working with iOS Devices

Details In PAN-OS 5.0, SSL decryption works on desktop computers, but when using the internet with an iPad or iPod device, decryption does not work. Utilizing TLSv1.2, when implementing forward-proxy, will continue to pass though, but will not be decrypted. In PAN-OS 6.0 and above, SSL decryption works on Safari,
npare,
  • 0
  • 0

Spanning Tree Protocol STP packets dropped in Vwire mode

Symptoms Spanning tree (STP) packets are dropped when going through the firewall when configured as V-Wire causing erratic behavior on devices adjacent to the firewall. Cause By default, a pair of V-Wire interfaces allows untagged traffic (no 802.1q headers).  The cause may be the STP packets being dropped are part
sdurga,
  • 0
  • 0

Do GlobalProtect Portals Support IPv6?

GlobalProtect gateways do not support IPv6. When attempting to commit with an IPv6 address, the following error message will be seen:   Details: Error: GlobalProtect portal use ipv6 address (Module: device) Commit failed   owner: rkalugdan
npare,
  • 0
  • 0

Kerberos Authentication Errors

Issue When attempting to log in to the firewall using a Kerberos user, an error message similar to the following is displayed: User 'domain\username' failed authentication. Reason: Invalid username/password From: 192.0.2.33. Resolution If the Kerberos server is a hostname or fully qualified domain name, ensure the firewall has access to
npare,
  • 0
  • 1

Dynamic Updates Failing When Sourcing from Inside Interface

Issue Under WebGUI -  Device > Setup > Services > Service Route Configuration, When the public IP address is selected, automatic updates work but not when selecting an inside interface or the management interface.   Cause By default, traffic to/from the same zone is allowed which means rules aren't evaluated
npare,
  • 0
  • 1

Firewall Slows Down and Stops Forwarding Traffic after Applying QOS Policy

Issue After applying a basic QOS policy, everything worked but over time, traffic slows down to a point where the firewall needs to be rebooted for bandwidth to be fully used again. Resolution When applying QOS, always make sure that Class 4 traffic has a policy as well since this
npare,
  • 0
  • 0

Difference between Log Forwarding for a Zone and Security Policy Log Forwarding

Overview Palo Alto Networks firewalls allow administrators to forward logs to external servers. Log forwarding configuration can be found in security rules and also when defining a zone. Details Rule Based Log Forwarding When enabling log forwarding for a rule (or rules), the firewall will forward logs to the external
npare,
  • 0
  • 1

Authentication Issues with Shared LDAP Configuration over Multiple VSYS

Symptoms Group based rules don't match when authenticating via a shared LDAP configuration and a shared authentication profile.   Issue Group information is not carried over different virtual systems which is why rules configured to allow or deny groups of users will not match in the policy   Resolution Configure
npare,
  • 0
  • 1

Duplicate Node Error when Pushing Policy from Panorama

Symptoms The following error occurs when attempting to push a policy from Panorama to managed Palo Alto Networks devices: Mar 29 14:45:34 Error: _pan_schema_verify_node(pan_schema_obj.c:3785): is a duplicate node near line 38 Another possible symptom would be that commit failures from the GUI and
npare,
  • 0
  • 0

Can TCP Resets be Sent Through a TAP Interface?

Palo Alto Networks firewalls cannot send reset packets to close connections through a TAP interface. The majority of switches do not accept incoming packets from mirrored ports. owner: rkalugdan
npare,
  • 0
  • 1

WildFire Portal Not Displaying All Files Uploaded

Symptoms The firewall log report "forward-upload-success" for a file but when accessing the WildFire portal the file isn't showing up   Resolution The likely cause for this issue is that the file type was not supported. Example output of "debug vardata-receiver on" (recorded in mp-log/varrcvr.log): May 23 15:43:38 pan_fbd_cloud_upload_file(pan_fbd_fwd.c:1061): cloud
npare,
  • 0
  • 0

Social Media in the Office: Two Truths and A Lie

While most executives understand that social media use in the workplace is a reality, their approach to managing it varies dramatically.
  • 0
  • 2075

Bavaria

Growing up in the Netherlands, I was placed in a classic Dutch dilemma. As a beer drinking nation, I was faced with endless choices and each brand had its loyal fans who could explain why their brew was truly unique. Bavaria always stood out to me as special: family-owned, family-run for 7 generations, first to market with a non-alcoholic beer, presence in more than 120 countries, and the list of values and virtues goes on and on. At Palo Alto Networks we are proud to have been chosen by such …
Rene Bonvanie,
  • 0
  • 0

On the Internet, Trust is Fleeting

As further analysis of Flame come to light, one of the most interesting aspects of it comes from the way that it establishes trust. Or, perhaps more accurately, how it appropriated it. Flame was able to make its software packages appear that they came from Microsoft. In recent days, Microsoft has been working to correct the problem by getting patches pushed out as well as taking steps to harden Windows Update from the techniques that Flame used for a Man in the Middle attack.
Brian Tokuyoshi,
  • 0
  • 0

Will You Be at the Gartner Summit?

We’re excited to be a Platinum sponsor at the Gartner Security and Risk Management Summit taking place next week (June 11-14, 2012) in Washington, DC. This summit is a great time not only to get together with Gartner analysts but it also gives us an opportunity to meet key decision–makers that are passionate about security. I’m personally looking forward to attending several of the conference sessions, particularly on topics close to my heart such as cloud security, big data and mobile security. Do stop by the Palo Alto Networks booth …
  • 0
  • 0

The Hidden Risks of P2P Traffic

  • 0
  • 1868

Getting Network Connectivity By Any Means Necessary

A number of years ago, I read Howard Schultz’s book “Pour Your Heart Into It: How Starbucks Built a Company One Cup at a Time”. One interesting aspect of it described how Schultz saw the coffee shop as something more than just a store for selling products, but rather a social experiment. Schultz theorized that besides the office and home, people need a “Third Place” that they can call their own and spend time, and he modeled the design of Starbucks to fill that need. The stores provide the comforts …
Brian Tokuyoshi,
  • 0
  • 0

Change the Brute Force Trigger Criteria

Overview This document describes how to view and edit the default attempts it takes to successfully trigger a brute force attempt passing through the Palo Alto Networks firewall. Steps Open the Vulnerability profile, go to Object > Security Profiles > Vulnerability Protection Open the Exceptions tab Click on Show all
zarina,
  • 0
  • 0
Displaying 9961 to 9990 of 11258