To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...
We have had SSL decryption configured since we deployed Palo Alto firewalls and it works with little issue on our Windows OS platforms. We have a new project to deploy a few MacOS clients as the application development team requires the ability to te...
Do I need license to test Azure HA scenario. I am following all the steps but HA1 doesn't come up.I don't have any licenses. And doing a test run of implementation as HA active/passive.Default 10.0 gets installed with BYOL, but we don't have license ...
Guys, good afternoon. I have a very confusing problem, I try to access a certain "HTTP" site and I get an error (It is not possible to access that site), we perform a test outside our network and the access is done normally. Analyzing the LOGS, I fou...
Galera, boa tarde. Estou com um problema bastante confuso, tento acessar um determinado site "HTTP" é recebo a erro (Não é possível acessar esse site), realizamos um teste fora da nossa rede é o acesso é realizado normalmente. Analisando os LOGS veri...
I have a use-case that all subnets/VLANs should be able to access the server (192.168.4.4) via HTTP using the loopback IP address 192.168.6.2/32. The PA firewall is the gateway for all the VLANs. I would like to confirm if this is possible? The sourc...
Hello, we have 2 ISPs . .Static route with metric 10 for the 1st one and another static route with metric 20 for the second one .We have 2 nat rules for LAN. 1st one is via ISP1 and 2nd is via ISP2.So when we change the default route we need to reord...
Hi everyone I would like to prepare the certification PCNSA.My idea is to pay the tax exam as soon as posible will make force me to study the exam. I would like to know how many hours and time will need for I am going to the exam. Regards
I have seen for example on a small firewall when the customer enables SSL decryption that the counters for work groups "ecdhe_key_gen", "flow_host " etc. jump. This may show that the firewall can't handle the ssl decryption or that there is an SSL DD...
Hello,We have changed a 2 palo alto 5220 in cluster for another 2 palo alto 5250 version 8.1.16.We have migrated the configuration by exporting and adapting the xml.Everything works ok except for a detail in the new passive fw. we have detected it wh...
Anyone ever seen a one way audio when mitel phone configured for telework mode is on the inside trusted network? The mitel border gateway is in the dmz nat'd to an outside public ip, and works fine with all phones but telework enabled phones when on ...
Without giving any low level infohow would a person go about a blocking a single user, via policy, get blocked from trust-untrust common apps w/o affecting other users?Create a policy above it? Or negate the user?
NAT translation goes like this:Destination NAT and Security Policy:https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-exampleone-to-one-mapping.htmlPolicy Based Forwarding:Polices > Pol...
I now have GP connected automatically with a certificate pushed out via InTune. This is on a Surface Laptop running Win 10. I typically log in with face recognition. After I log on and notice that I have TCP/IP access through the GP connection and in...
Hi, I have searched and found similar posts but none seem to have a working solution for this... I have a simple security policy to deny access to a VM located in the 'trust' zone if it matches a user in the user group created on the AD server. I've ...
on:
trust-untrust common apps block user
on:
PXE boot not working through FW
