Hi, Is there anyway to filter the policies by zone? or other parameters? Is there any guide about this? Thanks a lot.
I'm new to AWS, but not new to Palo Alto. We are at the initial phases of building out our AWS environment. I'm getting familiar with AWS but not an expert by any means. I thought I'd start with a trial version of Palo Alto for AWS. At any rate, I've followed some Palo Alto documentation (Set Up the VM-Series Firewall in AWS) to get things rolli...
Management has asked for a weekly summary of department web activity on our new PA-500. I created a User Activity Report for each department but these reports are not conscise and difficult to read, especially for managers who would like a summary. Our old device had a group report of user web traffic that had graphs with helpful info like ...
When I try to install the ESM core and console with a service account that does have the logon as a service rights but not administrator rights, I keep running into issues. As I don't like to grant full admin rights to a service account on a box I'd like to know the exact rights needed for this service account. Can someone provide them?
This is on a PA-3020 running PAN-OS 7.0.4. I've always manually chained certificates when installed an SSL certificate for Global Protect. I decided to see if I could install the SSL certificate and the Intermediate certificates separately and see if it would work. I configured Global Protect Portal > Agent Configuration > Trusted Root...
Hi, I'm looking for a best practice when deploying Panorama accross multiple sites that do not really have any interconnections (and have quite a few overlapping subnets). From what I understand, the firewalls themselves initiate the connection towards the Panorama instance (VM appliance in this case). The VM instance has one ethernet link. ...
We use Panorama to manage our firewalls and have a template configured with settings for all of our devices. I would like to split the devices by region for administrative access and would like to retain the current settings in the template. I can create a new stack, but would lose the settings in the current template so wondered if it's possibl...
Hi, I've added two VM-100's to Panorama and placed them into a device group. Connectivity is okay, deploying templates goes fine, but for some reason when I try to configure Panorama to shedule dynamic updates to the VM's, they don't show up in the list of devices to push it to, see: http://imgur.com/a/7hEbi Which probably easy/silly step did ...
Hello Community, our customer has a Cluster of PA-3020 with PANOS 7.0.2. We have enabled Application Block Page and the Internal users can view it properly. Customer has a rule to permit Web-browsing traffic from Internet to DMZ. When users try to show the web page published by the server on the rule, he view the Application Block Page that...
Hello All, Was just wondering if anyone may be able to help with this our question. Please see the attached High Level Diagram. Both Firewalls are PA 3020's with the full licence set enabled. We need to replace the ISA server which is not providing any other functions than forwarding the traffic down one of the 3 paths in the diagram, unfortun...
Hello I've been trying to create a custom vulnerability and I have encountered this limitation:Currently in Threat Database Vault 529 version there are 50 signatures for PHP. I'm trying to add all PHP signatures and this message appears when it exceeds 17 signatures. 😞Is this limitation correct or is a fail? 😞 A few days ago we suffer multipl...
Hello everyone I have this threat signature.: "NUCLEAR Exploit Detection Kit (38268)" , and I'm researching on what date was it created?I need to know which version of the threats database was included and released this signature? I would greatly appreciate any help. Regards, dicu
Hello,We’ve a problem with one of our customer.Probably due to a carrier router misconfiguration, packets coming from - and only - a specific IP source are matched as fragmented by PA. As consequence, due to a Zone Protection and Fragmented Traffic profile applied to that zone, some kind of traffic that comes from that IP is discarded (for examp...
HelloDoes anyone know if it is possible get a list of all vulnerabilities Threat Vault?https://threatvault.paloaltonetworks.com/#I would like to get a list of all vulnerabilities and classify not only by severity.Thanks,dicu
I currently have a marathon support case open and support's latest reply includes an internal-only link (I'm pretty sure), so I can't read it. 😞 The release notes for 7.0 specify: "High Availability (HA) Link Monitoring is only supported on VMware ESXi installations that support DirectPath I/O." This is the only mention of DirectPath in the e...
