Kerberos Authentication Errors

Issue: When attempting to log in to the firewall using a Kerberos user, an error message similar to the following is displayed: User 'domain\username' failed authentication. Reason: Invalid username/password From: 192.0.2.33. Resolution: If the Kerberos server is a hostname or fully qualified domain name, ensure the firewall has access to
npare,

Dynamic Updates Failing When Sourcing from Inside Interface

Issue: Under WebGUI - Device > Setup > Services > Service Route Configuration, when the public IP address is selected, automatic updates work, but not when selecting an inside interface or the management interface. Cause: By default, traffic to/from the same zone is allowed, which means rules aren't evaluated
npare,

Firewall Slows Down and Stops Forwarding Traffic after Applying QOS Policy

Issue: After applying a basic QOS policy, everything worked, but over time traffic slows down to the point where the firewall needs to be rebooted for bandwidth to be fully used again. Resolution: When applying QOS, always make sure that Class 4 traffic has a policy as well since this
npare,

Difference between Log Forwarding for a Zone and Security Policy Log Forwarding

Overview: Palo Alto Networks firewalls allow administrators to forward logs to external servers. Log forwarding configuration can be found in security rules and also when defining a zone. Details: Rule Based Log Forwarding: When enabling log forwarding for a rule (or rules), the firewall will forward logs to the external
npare,

Authentication Issues with Shared LDAP Configuration over Multiple VSYS

Symptoms: Group-based rules don't match when authenticating via a shared LDAP configuration and a shared authentication profile. Issue: Group information is not carried over different virtual systems, which is why rules configured to allow or deny groups of users will not match in the policy. Resolution: Configure
npare,

Duplicate Node Error when Pushing Policy from Panorama

Symptoms: The following error occurs when attempting to push a policy from Panorama to managed Palo Alto Networks devices: Mar 29 14:45:34 Error: _pan_schema_verify_node(pan_schema_obj.c:3785): is a duplicate node near line 38 Another possible symptom would be that commit failures from the GUI and
npare,

Can TCP Resets be Sent Through a TAP Interface?

Palo Alto Networks firewalls cannot send reset packets to close connections through a TAP interface. The majority of switches do not accept incoming packets from mirrored ports. owner: rkalugdan
npare,

WildFire Portal Not Displaying All Files Uploaded

Symptoms: The firewall log reports "forward-upload-success" for a file, but when accessing the WildFire portal the file isn't showing up. Resolution: The likely cause for this issue is that the file type was not supported. Example output of "debug vardata-receiver on" (recorded in mp-log/varrcvr.log): May 23 15:43:38 pan_fbd_cloud_upload_file(pan_fbd_fwd.c:1061): cloud
npare,

Social Media in the Office: Two Truths and A Lie

While most executives understand that social media use in the workplace is a reality, their approach to managing it varies dramatically.

Bavaria

Growing up in the Netherlands, I was placed in a classic Dutch dilemma. As a beer drinking nation, I was faced with endless choices and each brand had its loyal fans who could explain why their brew was truly unique. Bavaria always stood out to me as special: family-owned, family-run for 7 generations, first to market with a non-alcoholic beer, presence in more than 120 countries, and the list of values and virtues goes on and on. At Palo Alto Networks we are proud to have been chosen by such …
Rene Bonvanie,

On the Internet, Trust is Fleeting

As further analysis of Flame comes to light, one of the most interesting aspects of it comes from the way that it establishes trust. Or, perhaps more accurately, how it appropriated it. Flame was able to make its software packages appear to come from Microsoft. In recent days, Microsoft has been working to correct the problem by getting patches pushed out as well as taking steps to harden Windows Update from the techniques that Flame used for a Man in the Middle attack.
Brian Tokuyoshi,

Will You Be at the Gartner Summit?

We’re excited to be a Platinum sponsor at the Gartner Security and Risk Management Summit taking place next week (June 11-14, 2012) in Washington, DC. This summit is a great time not only to get together with Gartner analysts, but it also gives us an opportunity to meet key decision-makers who are passionate about security. I’m personally looking forward to attending several of the conference sessions, particularly on topics close to my heart such as cloud security, big data and mobile security. Do stop by the Palo Alto Networks booth …

The Hidden Risks of P2P Traffic


Getting Network Connectivity By Any Means Necessary

A number of years ago, I read Howard Schultz’s book “Pour Your Heart Into It: How Starbucks Built a Company One Cup at a Time”. One interesting aspect of it described how Schultz saw the coffee shop as something more than just a store for selling products, but rather a social experiment. Schultz theorized that besides the office and home, people need a “Third Place” that they can call their own and spend time, and he modeled the design of Starbucks to fill that need. The stores provide the comforts …
Brian Tokuyoshi,

Change the Brute Force Trigger Criteria

Overview: This document describes how to view and edit the default attempts it takes to successfully trigger a brute force attempt passing through the Palo Alto Networks firewall. Steps: Open the Vulnerability profile: go to Object > Security Profiles > Vulnerability Protection. Open the Exceptions tab. Click on Show all
zarina,

Dealing with Unknown Traffic in Your Data Center

In previous posts, we have explored various data center security best practices in protecting the data center, and of course Palo Alto Networks' fundamental approach starts off with application visibility. Applications in the data center can largely be divided into: (1) Known data center applications – enterprise off-the-shelf, custom and home-grown. (2) Management applications using RDP, Telnet, SSH to control the enterprise applications in (1). (3) Rogue or misconfigured applications. The first set of applications should be allowed for authorized employees, the second set of applications should be enabled only for a select group …

How to Uninstall GlobalProtect Client Mac OS X

Overview: This document describes the two methods used to uninstall GlobalProtect for Mac. Details: Uninstall via Terminal: $ sudo /Applications/GlobalProtect.app/Contents/Resources/uninstall_gp.sh Uninstall via pkg file: Run the initial .pkg file that was used to do the install. This can be downloaded from the GlobalProtect Portal page. Select Continue on the Introduction
sspringer,

Protections Released for Flame

Today Palo Alto Networks released emergency antivirus release #756 to provide coverage for the recently discovered Flame malware. This update includes multiple signatures to detect the main module of Flame as well as its subcomponents including dvnetcfg.ocx, advnetcfg.ocx, and soapr32.ocx. Symantec has published a very good summary of these components and their role in the overall functionality of the malware. As has been widely reported, Flame is the latest example of very sophisticated malware that at least appears to be the work of a nation-state or states. While there is no shortage …

Islands in the Stream(ing media)

Several years ago while working at my former company, IT issued a notice to all employees that Internet radio was off limits. IT had concerns that the pipe to the Internet didn’t have enough bandwidth to go around. Most people found the notice bothersome, even though at the time, I didn’t know anyone who was actually listening to Internet radio on a regular basis. The reason for their outrage was not because they were losing something they needed, but rather they weren’t given the option to have it at all.
Brian Tokuyoshi,

OSPF Neighborship Stuck in Extstart State.

Symptoms: OSPF Neighborship stuck in extstart state. Resolution: In the majority of cases, a mismatch in MTU is the cause of this issue. Every router participating in the OSPF network needs to be configured with the exact same MTU value. If a "deny all" rule is part of the firewall's
sraghunandan,

Recap from the Data Center Summit

We finally wrapped up our worldwide 10-city data center summit tour last week. I personally logged more than 40,000 miles, advanced my ability to work in a cramped airline seat, and sampled local cuisine from Singapore Chilli Crab to Australian King Prawns. But the highlight for me, of course, was meeting attendees, customers and partners at the summits and being able to share our data center story.

How to Configure Firewall Management Using a Layer 3 Interface

Steps: Go to Network > Network Profiles > Interface Mgmt to define an Interface Management profile. Select the Services needed to be allowed from the list. (Optional) Select the source IP addresses to configure the firewall. Associate the Interface Management profile with the Interface (Network > Interfaces > Ethernet >
Ameya-Kawimandan,

IPSec VPN with Peer ID Set to FQDN

Palo Alto Networks firewalls will only accept an FQDN peer ID when the tunnel mode is set to aggressive. If the tunnel is configured for main mode with an FQDN peer ID setup, the following error message will be displayed: IKE phase-1 negotiation failed. When pre-shared key is used, peer-ID
sraghunandan,

How to Verify SNMP Functionality

A quick way to check if PAN-OS can be polled using SNMP is to use a MIB browser such as iReasoning. A free personal edition can be downloaded here. Configure SNMP version 2 using steps 2 and 3 in the document How to Configure SNMPv2 on the Palo Alto Networks
Ameya-Kawimandan,

Authentication Options for the Web Interface and CLI

When local authentication isn't the best method, two other authentication mechanisms can be used for administrators. The recommended option is to use RADIUS. Palo Alto Networks recommends RADIUS because of its role support. More information on configuring the RADIUS dictionary can be found in the document Vendor Specific Radius Attributes.
sraghunandan,

Link Monitoring for Unplugged Ethernet Ports

Overview: From the firewall's point of view, a "down" interface and an interface that isn't physically connected are the same. That means if link monitoring is active on a port that is not physically connected, the device will change its state to non-functional and fail over. Link monitoring should
sraghunandan,

How to View/Clear Sessions from the Session Monitor

Details: The active sessions can be viewed/cleared either from the command line or from the WebGUI. From the WebGUI: Go to Monitor > Session Browser to view or clear sessions. To view the entire session information click on the button shown in the following screenshot: Now the entire
zarina,

How to Export Core Files from a Palo Alto Networks Device

Details: Core files have to be exported from the Palo Alto Networks firewalls directly through the TFTP or SCP protocols. The existence of core files on the device can be verified with the following command: > show system files If looking in the Tech Support file that was generated and
npare,