When PAN-OS is configured to use Strata Logging Service (SLS), administrators can choose between Single Forwarding and Dual Forwarding modes. While both options facilitate log delivery to SLS, they utilize entirely different delivery mechanisms and provide different operational guarantees. This distinction is critical if you observe logs that ...
Google Cloud Network Security Integration (NSI) Author - Nidhi Pandey This document provides a comprehensive overview of the Network Security Integration (NSI) deployment . This document describes an in-line traffic inspection architecture using Palo Alto Networks VM-Series Next-Generation Firewalls. The NSI deployment follows Google Cloud...
This article is a continuation of my previous one, 'Automating the Palo Alto NGFW's Process/Deamon Restarts'. While using TCL Expect is one of the classic methods for automating legacy devices, modern infrastructure demands more robust solutions like Ansible AWX for better scalability and management. 1. Overview 2. AWX ansible installatio...
One of the most common challenges administrators face when utilizing App-ID is the "Monday Morning Surprise": a new content update is installed, a broad application (like ssl) is refined into a more specific one (like acme-app), and suddenly, business-critical traffic is blocked by a default deny rule because the new App-ID hasn't been added to ...
Bring the fight to the edge. In an OT environment, defense is about time, and the edge is where you still have it. Joint research by Palo Alto Networks, Siemens, and the Idaho National Laboratory (INL) analyzed global telemetry from over 61,000 firewalls deployed in OT environments, alongside 20 years of historical incident data. The analysis ...
In today's complex threat landscape, a single layer of security is no longer sufficient. Attackers leverage multi-stage, evasive techniques to bypass traditional defenses. Palo Alto Networks addresses this challenge by integrating best-of-breed security services to provide a layered, defense-in-depth architecture. This article explores the pow...
In today's digital landscape, modern collaboration tools like WhatsApp Web are essential for business-to-consumer (B2C) communication. While they offer incredible speed, they also introduce a critical security challenge: how do you prevent sensitive data exfiltration through applications that use end-to-end encryption? This encryption creates a ...
Introduction: The AI-First Workplace In just three short years, Generative AI has transitioned from a viral curiosity to the fundamental operating system of the modern professional. As we enter 2026, the numbers paint a staggering picture of this shift: over 1.5 billion people now interact with standalone AI platforms monthly, and in the corpo...
We all know ChatGPT can write code and articles, but can it automate the specialized task of threat mitigation? We set out to test the capabilities of AI by asking it to generate a Palo Alto Networks custom signature. Before diving into the experiment, let's establish some foundational context on the technology that drives these platforms. C...
I have made this article to show how to rate limit the file upload HTTP requests on the file upload URL for a source IP address Before you begin, I recommend reviewing my article on How to Write Palo Alto Networks Custom Vulnerability and Application Signatures with Examples. That article provides a foundation for this topic by demonstrating...
Hello everyone, I wanted to share some knowledge I've gained about investigating common Layer 1 to Layer 4 issues, such as MTU mismatches and DoS attacks, using key Palo Alto Networks firewall features like Global Counters, Flow Debug, and packet captures. The first steps in troubleshooting these issues are always to check your routing, run ...
This Nominated Discussion Article is based on the post "Configure Split tunneling by domain" by @BigPalo and responded to by @Raido_Rattameister and @BPry Read on to see the discussion and solution! Hi, I just configured split tunneling by domain using this domain test: *.portal.microsoft.com (port 443) But i can not see this traffic going ...
Written by Alex Laulhe. With special thanks to Anupam S. & Amogh G. for their contributions. This guide is designed to help firewall admins effectively understand flood attack prevention and troubleshoot flooding incidents detected by Palo Alto Networks firewalls. Whether the event is triggered by packet buffer protection (PBP), Zone Pro...
This article is inspired from Tips & Tricks: Flow Basic Debugging written by @kiwi and I recommend reading that article first before reading this one. Palo Alto Networks NGFWs use App-ID to detect the exact application inside a traffic stream but sometimes traffic will be first classified for example as App-ID "SSL" and after the decrypti...
What is Selective Push? Selective Push on Panorama lets you deploy specific configuration to your firewalls instead of pushing everything all at once. Terminology Push Scope: The final admin view of committed changes with an option to select the changes that will be pushed to the selected target firewalls. Config Audit Window: This window is ...
