10-13-2017 09:59 AM
A wrap of our summer question leads into fall or autumn, as your preference may be, wherein we ask:
What is your favorite Palo Alto Networks feature?
Did it help solve a problem you were facing?
As a former support engineer, I always like to hear when customers arrive at that a-ha moment of understanding or discovery, when the firewall does something simple and basic, or amazing and extraordinary, but always in time to solve a problem.
I'm looking forward to hearing which feature(s) of the firewall most tickle your fancy. I've got a few of my own... You first.
12-06-2017 01:39 PM
Global Search! It's so nice to be able to see where objects are configured quickly.
12-06-2017 08:25 PM
Hi,
I like the URL filtering category specillay ssl decryption to blocking the evasive applications.
12-06-2017 10:01 PM
the whole idea about APP-ID, gives you a total overview and visibility on what goes on. both for allowing and denying stuff and troubleshooting.
12-06-2017 11:10 PM
show counter global filter packet-filter yes delta yes
This is the best of many great features
-=Tommy=-
12-07-2017 01:38 AM
Hi!
I would say, in short, that my favourite feature is the architecture, the strength of the security policies.
On top of that I would say XML-API.
12-08-2017 07:54 AM
I am almost ready to implement Zone protection in alert mode but I have 1 concern, the syn packets don't seem to really offer just an a alert only a random early drop.
12-11-2017 02:32 PM
My favorite feature is probably not a feature. I remember logging in the first time to the PA and was trying to figure out why something wasn't connecting and at the time my knowledge with PA was in its infancy. I logged on and saw the monitor tab and was able to put in my source and destination IP address and it showed me exactly why the connection was failing. I was able to apply a fix in minutes that would have taken me longer on our previous system using syslogs. It was the ah-ha moment for me at that time. Great technology!!
Todd
12-31-2017 12:14 PM
QOS is way under used.
I have seen it clear up all kinds of audio funk with all kinds of apps simply by using the default classes. This had an affect even without bandwidth contention. No DCSP, no TOS. Just create a couple rules for the touchy apps and set them to Class 1.
If you want to get fancy, combine it with our custom applications (i.e. NCAA) to cap bandwidth on custom apps. Schedule it so that every 15 minutes the bosses computer gets a trickle, just to mess with him/here. Allow bittorent at a slow rate as League of legends has that as a dependency, etc.
Bob
01-02-2018 02:50 PM - edited 01-02-2018 02:51 PM
@jdprovine& @BPry, There is an "alert".. just look at what it shows. There are 3 fields..
Alert, Activate and Maximum.
Set the Alert number where you want to alert.. and you will be alerted.
If the numbers reach the Activate level.. then it will activate. I would recommend that you set that to be the Highest level, along with the Maximum in order to meet your needs. Hope this helps and makes sense.
01-03-2018 06:09 AM
another area of zone protection looks like the only setting is a drop of traffc,
01-06-2018 08:45 PM
Thanks, everyone, for your comments and the lively discussion! We'll be sure to pass along your praise for the Palo Alto Networks Next Generation firewall to those who will smile the widest when hearing the news and reviews of this great engineering feat. Back with a wrap-up soon!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
