I guess the answer is no, but is it possible to view PSK over the CLI in plain text or with the exported XML config? Thanks All,Myky
Hello, I would like to know if it was possible, and how, to grant access in the internal network (wired and wi-fi), on the basis of the presence of an application. In fact, I want to allow access to devices where spécific applications are installed, and redirect others to a captive portal for identification. Have you got any information tu set u...
We're trying to find a way to redirect people trying to hit our Globalprotect login page on straight http to redirect to https seemlessly. We thought we had this working with an inbound NAT policy with destination translation looking for original service as TCP 80 and the translation moved it to TCP 443. This doesn't actually seem to be workin...
Is it possbile to set up a VPN using ikev2 and if so is there a document of the steps to create it?
PA-3020 ,7.1.8. PA has 3 tunnels with 3 sites. Site1 - PA200 on other side tunnel traffic fine. ping from site1 to subnet behind Pa3020 works with 1472 mtu and fails afterthat. Site2- Tried to migrated from ssg140 to PA-3020,other side Cisco 871. Traffic from PA-3020 to Site2 works fine.But from Site2 to PA3020 can only ping. rdp,mail,port 80 t...
Hi, we have a PA3050 and we are expecting a problem related to Group mapping. We have added two new groups in LDAP Group mapping profile. We can add these 2 groups using WebUIS "Included groups", we launch a refresh userid group-mapping but when we run "show user group-mapping state all", we can see all goups but not the new ones added. Why Pa i...
I have a quick question about moving an existing set of firewalls to Panorama. We don't want to migrate the whole config, just want to get it setup so we can send the logs on the device to Panorama so we can utilize the benefits of log aggregation for parsing logs. From my understanding of it, I only need to setup the trust between Panorama an...
I just upgraded and rebooted my firewall. When I choose to highlight unused rules it is showing rules that I can not find any traffic for in the traffic monitor as used. I thought the reboot would reset everything but I have no idea why a rule that appears to be unused is showing used - any ideas?
Occaisionally we get an attack from a single IP to one of our external servers where the attacker tries a whole bunch of known exploits. Is there anything like a "Zone Protection" for this type of attack? I'm looking for something where an external bad actor gets blacklisted for a period of time after it tries a number of expolits.
Since there are no physical interface on VM PA. So it doesn't show any data under sh interface command.How can you poll these interfaces.
Is it possible to use HIP Profiles with just custom checks without a HIP license? (Sort of the way you can with URL filtering.)
Hello, I´m in a project of migrationg a Juniper SSG to a Palo Alto FW. While migrating the existing policies I find it where confusing to list all policies in one list. Juniper separted the policies by the source an destination security zone. Is there any best practice to keep the security policies not confusing. How to group or filter them? Any...
Hey folks, Newbie here. 🙂 I had this going successful before, but after a factory default, not working for me for some reason. I've followed this helpful article before and worked on my first try, but not now for some reason.https://live.paloaltonetworks.com/t5/Configuration-Articles/Setting-Up-the-PA-200-for-Home-and-Small-Office/ta-p/61838 ...
Hi guys, I'm new to PA so I hope this is not a stupid question. I configured my VM-100 with two interfaces (plus manegment), the two interface were setup as Virtual Wire. I can capture traffic going through and everything works from a user perspective. However, I get 0 sessions on the FW and no hits on any of the policies. I even created an univ...
Hello All,My system is multi vsys environment, I need to route traffic from untrust to trust.My source is internet and destination is my second Public IP subnet in trust interface.I investigate and found log from Global Counters "Packets dropped: invalid interface". I try to add public ip to loopback and secondary ip but could not help. How can...
