- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Hello Experts We have communication between DC and there are four three firewalls in between. So for bidirectional policy, I need to create same two rules on fw1, two rules on fw2 and two rules on fw3 (the only difference is offouce zone names and policy name). All firewalls are managed through Panorama. How I can quickly copy and paste firewall...
Hi there, We currently have a Cisco ASA 5512 in place, and we're planinng on implementing a PA-500 for web and app filtering. Has any one in the community ever done this before? If so, I'd greatly appreciate some advice. Thank you
Hello Experts I was checking confiugration on my PA firewall and I foud for every source and destination NAT, the public IP for NAT with /32 was assigned to external interface of firewall. In my opinion there is no need to assign public IP /32 to external interface of firewall? Can any body explain to me this
Hi, We have around 500 concurrent SSL clients connecting to our Palo Alto Gateway using Global Protect version 3.0.1. If I activate the newest version on the Firewall (Version 3.1.3), will the existing clients be unaffected by this activation and continue to work. Due to PC lockdown's in our organisation, I can't easily enforce an auto upgrade f...
Hello Does PA support point to multipoint IPSEC in hub and spoke VPN envorirnmet? Means Only one tunnel interface we create on hub and through NHTB protocol, nexthop is bind to SA. Regards, GR
Hello Experts Someone from PA told me that for public service like email server, where bidirectional NAT is required, it is best practice to use source NAT and destination NAT for the same public IP instead of using static NAT because static NAT will create the rule from every zone to server zone NAT. Can any body confirm this, really it is a be...
Hello Experts When I confiugre the NAT and associated security policy then I always confuse about the direction of zones. As I understand NAT zones are always determined by ingress interface zone (source zone) and route lookup gives the outoing interface zone (destination zone) but my question is when we confiugre the associated security policy ...
Hello Experts PA side there are two subnets: 10.0.1.0/24, 10.0.2.0/24 and Cisco side there are also three subnets 172.16.1.0/24 , 172.16.2.0/24. On PA firewall, I defined the proxy-id as below:proxy-id1: local: 10.0.1.0/24 remote: 172.16.1.0/24 proxy-id2: local: 10.0.1.0/24 remote: 172.16.2.0/24 proxy-id3: local: 10.0.1.0/24 remote: 172.16.1.0/2...
I have setup two rules for blocking bittorrent on a particular zone. First rule is set to Deny Trust to Untrust using an application filter built with P2P applications. Second rule is set to Deny Untrust to Trust using the same application filter. I am able to block any uploading content, but the filter doesn't block any torrents from downloa...
Hi,Guys: I found the category "Not-resolved" in device GUI(Both Pandb and Brightcloud), I searched it in paloaltonetworks.com and brightcloud.com website, But could not get any description about it. Any guy explain it ? Thanks Victor.Bai
Hi all, I am looking to add around 60+ NAT rules for monitoring over IPsec that requires a policy NAT. I need to have them above another rule in the list for it to work. It is a very messy NAT list that I don't have the freedom to clean up. The NAT entries are being added to a device group in Panorama. Thanks in advance, Danny
Hi, target is to allow im apps but modify categires. I have created a policy allowing IM and modify most categories as block. Policy sample:Policy is SRC: 192.168.x.x | DST: any | Srv: any | App: IM (viberbased,im,googlebased,ssl) | Url:BLK_CATEG BLK_CATEG (list of blocked categories)News / MediaTravelVehiclesSports / recreationsSociety and Lif...
Is there any way to block users' uploading attachment for public email (gmail, yahoo mail and hotmail) ? I created a security policy for allowing applications (gmail, hotmail, yahoo-mail) and associated with file blocking profile but didn't work. Please advise if the configuration is correct.
Hi Guys, I'm rather new to Palo and this community, so forgive me if I don't do this right. We need to restrict the Egress Max of just one tunnel (out of 9) on a tunnel interface.The config looks like this right now: I would like to change just tunnel 9 to 1Mbps. How would I go about doing that? Thanks in advanceRonelle
| Subject | Likes |
|---|---|
| 4 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like |
| User | Likes Count |
|---|---|
| 7 | |
| 5 | |
| 3 | |
| 3 | |
| 3 |

