Different Actions for Security Rules

Hi Guys,

I would like to know what are the difference between the following actions in the security rules for PA.

1. Deny

2. Drop

3. Reset-client

4. Reset-server

5. Reset-both

Which of these are the most preferred to use? Is deny or drop action also resets

Two IP address from same subnet on an 1 Aggregated Interface

Hello All, 

I am pretty new to Palo Alto, wanted to check if the an aggregated port in PA can be assigned with 2 IP addresses from same subnet, say 1.1.1.2/29 and 1.1.1.4/29. The Idea is the ethernet interfaces 1 & 2 that are be bonded to ae will be

SMB URL File Logging acheivable or not?

Hi Palo Alto Experts,

I want to know if we want to log SMB URL Blocked events then can we do in Palo Alto or not? Basically, the requirement is as below:

Example URL if typed by compromise system is: smb://www.example.com/fileshare/malware.exe

Right

Add network to address group via CLI?

I am trying to add a network to an address group via CLI on PAN OS 9.1.X

# set vsys vsys2 address-group XXXXXXXX static 108.61.41.0/24

Server error :  static '108.61.41.0/24' is not a valid reference

What is the valid syntax?

Outside interface listening on HTTPS "502 Bad Gateway"

I have this odd issue whereas one of HA Pairs seems to be listening on 443 on its outside interface for GP but I don't use GP and never had.  I have a interface profile that allows HTTPS but not from any IP and when I disable that it still shows that

Issue with proofpoint emerging threats

Hi All,

I am testing minemeld with proofpoint emerging threats service.

I am having issues with the miner because the categories are not set correctly.

I think that the miner reaches for a csv file available to proofpoint subscribers that contains ip,ca

Is Minemeld supported on OEL(Oracle Enterprise Linux)?

Currently we have Minemeld running on Redhat linux and planning to migrate to OEL. Can you confirm if Minemeld runs on OEL? 

URL wildcard Pattern

Hello everyone, I need to block URLs that have a word pattern/string, It is possible to restrict certain strings inside the name of a URL?? for example the word "good" inside the website "www.goodwill.com" to be blocked ? I already try with Wildcards

Data copying over Global protect VPN

Hello,

I have one query:-

If, I am connected with GP VPN and. I want to prevent the users can not copy files or data from the shared folder and server.

is it possible?

Destination NAT for Route base VPN

We have an requirement to set up a route base VPN, but remote proxy IP subnet clash with an existing remote subnet.

We are planning to use destination NAT, but not sure, how the routing will be controlled.

Please help to solve this problem.

Palo alto routing query

Incompatibility Acrobat-GlobalProtect

Hi,

Customer upgrade Adobe to versión 21.001.20135 and Global Protect stopped working. Issue is th esame like this:

https://community.adobe.com/t5/acrobat/adobe-acrobat-reader-21-001-20135-preventing-users-to-connect-to-global-protect/td-p/11823885?pr