Join us live for an in-depth look at the latest advancements in cybersecurity, best practices, tips and tricks, demos and
more to protect your business and defend against threats in real
Basically, the traffic monitor is showing DNS traffic going from my DNS server in the trusted zone to the external root DNS (our ISP) in the untrusted zone, and user is the PA's own domain account.
All of it's coming from a domain controller that also
...
Hi All,
Model- 2050 and PANOS- 5.0.6
In security policies groups are showed as a single user and any new user added to that group are not getting identified by the PaloAlto firewall. In source user column in policy showing single user icon instead gro
...
Hello,
I was wondering if anyone out there has done a successful setup with fronting the Panorama with the WebSDK. I've gone through the docs and they tend to be more aimed at adding individual devices into it and assigning them to customers. We manag
...
Hi,
it is not easy to locate devices making trouble without having a reliable MAC-IP mapping in BYOD environments. With IPv4 we can solve this at the switches side with DHCP-Snooping ans ARP-Protect to assure that only IP addresses assigned by DHCP ca
...
Hello,
We have a customer who is using PA-3020 in L3 A/P cluster, running PanOS 5.0.2.
We have set up User-ID with PanAgent services (Primary and Secondary) installed on two different servers members of the domain.
User-ID is configured to be based on :
...
I have a client where I would like to rate limit egress traffic from an internal source IP. This source IP tends to be a major bandwidth hog. I currently have no QOS profiles setup but I do see the option to limit egress I believe.
Are QOS profiles th
...
As per the subject, is this possible to do?
We'd like to have specific types of files logged when it enters or leaves our network but since there is no such file type on the system, it isn't being logged.
Thanks
Hello all,
Because of a domain name change, I created a new CA certificate on the PA500 which is our portal. I set this certificate as server certificate in the Portal settings. I committed, restarted the web-server and sslvpn processes.
But the new po
...
I am looking for clarification as to how the 'Host Type' field works in a vulnerability protection profile.
For instance, we have a profile configured to protect our DMZ with six rules as follows:
RuleThreat NameCVEHost TypeSeverityActionclient-critica...
I have a problem that my PA 2020 firewall is not generating any new logs. I was on a remote session with an engineer yesterday for something unrelated and in the course of that call the logs stopped generating. It wasn't until today that I went and c
...
Hi,
We wanted to forward the traffic coming on public interface (1.1.1.1) with port 80 to an another ip address on another interface (DMZ - 2.2.2.2)
just to forward, not want to NAT,
we've written a Pbf untrust to 1.1.1.1 with destination port 80 forwar
...
hi,
We are implementing NAT for ActiveSync and we would like to decrypt SSL, my question is if SSL inbound inspection model with mobile device and ActiveSync requires a Root or client certificates?
Hi,
Is it somehow possible to use "custom" filters in the ACC?
I like the drill-down features in the Application Command Center(ACC), but what I'm trying to do is to drill-down on specific applications that do not appear in the "top 25".
Currently I hav
...
Does Palo Alto have any documentation on MIBS for SSL. If so could someone point me in the right direction.
on:
Need help with Global Protect Internal Gateway
on:
Submit IP to known malicious IP or High Risk IP
