Resolved! BPA| Policies > Authentication Rules
Hi guys.
From the autentication section, I got a non-compliant for "Services Include http and https (Fail)" but as a recommendation at says
Threads in this discussion area are read-only. If you have a question about BPA/BPA+ tools please visit our AIOps for NGFW discussions.
Threads in this discussion area are read-only. If you have a question about BPA/BPA+ tools please visit our AIOps for NGFW discussions.
Threads in this discussion area are read-only. If you have a question about BPA/BPA+ tools please visit our AIOps for NGFW discussions.
Hi guys.
From the autentication section, I got a non-compliant for "Services Include http and https (Fail)" but as a recommendation at says
Hi,
I'm new to palo alto I'm looking for best configuration advice of BGP with 2 ISP and own /24 class network at this moment I have established bgp connection between two internet providers. I'm exporting /24 class to both ISP but outsite I'm sti
...
we have 2 new 5410 that I'm trying to set up for active/active. we have 2 ISPs a single physical content filter and a single core switch. I know there will be some fail point with the single core and content filter. my question is so i need to wire m
...
I need to secure Syslog sending from Palo devices to SolarWinds Kiwi Syslog server using SSL. We're currently sending Syslog to the Kiwi Server over UDP successfully without issue. However, when I changed the transport to SSL (6514) and set the certi
...
I would like to utilize the Best Practices Assessment (BPA) tool in my Cloud Managed Prisma Access environment.
I followed the usage procedure, and tried to output the support file on the customer support screen, but I could generate it but not downl
...
I see i'm on an unsupported version of PAN OS. I'd like to upgrade but I'm stumped on the upgrade path. 10.0 is EOL so it doesnt list a preferred release. Can I move to 10.1 immedietly? Also, 10.1 version lists 10.1.5 as the first version on the
...
Issue:
PNHB has performed penetration tests (PENTEST) for all our firewalls. For Palo Alto PA-820, attached herewith vulnerabilities list for your team to help us to rectify.
2. Can you please clarify me on this reports generated is only the BPA s
...
hello everybody,
Our firewall is a VM 500-Series model. All IP addresses in our firewall's Untrust nic subnet have already been used, so we must attach a new subnet to the nic interface. Therefore, I want to know if a firewall supports multiple sub
...
Greetings,
I wanted to reach out to the community regarding a best practice or some insight / advice moving to 10G SFP's in our environment on 5200 Series. We have a CISCO Switch for Inet connected via 1G and utilizing 2 ports on the CISCO switch a
...
Hello Guys,
I am in the middle of preparation for moving one interface of PA cluster to new fabric. I would like to ask you for best approach to minimize the impact(no impact would be best). Appreciate any input.
My plan is now as follows:
1, Take conf
...
Dear all,
I am looking for a solution in applying DHCP relay on Palo Alto FW.
problem Description
there are many sub-interfaces and one DHCP server. in this case, do I need to add(network->DHCP->DHCP Relay)
each subinterface with the DNCP server.
try
...
Hello!
First time posting here so please forgive me for any fouls.
My question is if anyone has had any experience with how many API-calls a PA-5220 could handle, more specifically the "troubleshooting" via ansible-playbooks.
Running a playbook with abo
Hello all,
Our client company uses FQDN A and B that Nslookup the same IP, and the firewall has a DNS access policy applied with these FQDN.
Recently, the customer deleted the DNS of B, and if it is normal operation, it should be normal service with
...
Anyone found a solution to get the following false positive not to display?
Following all appear enabled, but still show up as failed
Interzone Deny Rule With Logging
Intrazone Deny Rule with Logging
New Apps with Application Filter
Inbound Malicious IP
...
On both the BPA and AIOps it is showing that none of our devices have global packet buffer protection enabled. Is this something wrongly flagged with the BPA or is something not configured correctly? There are logs pertaining to packet buffer protect
...