General Topics

Traffic denied by one context is allowed in the other

Hello All,

I have a strange situation and need some help.

I have 2 legs of my firewall implemented on Core and Edge level.

I have a host 10.1.1.10 behind my Core layer firewall trying to access an external FTP server.

On the core layer I have a policy t

...

Resolved! Application

I am trying to block some websites such as music.yahoo.com ,mylife.com Spaces.live.com and Talkgadget.com . But they aren't one of the listed choices and I am unable to add them to my blocked application list. How can I do that?

Panorama - 6.0.1 Impressions? Stable? Worth the risk/trouble?

Hi Everyone,

I have been reading the release notes... and Panorama 6.0.1 is looking really good.... but is it solid???

Also, our firewalls are on PAN-OS 5.0.8 ... will Panorama 6.0.1 have any issues managing firewalls on 5.0.8?

Thanks

Art

Global Protect Pre-Authentication with public SSL cert

Folks.

My boss wants me to implement "pre-authentication" for my Global protect clients, so that they authenticate against AD before logging on to their laptops when on VPN, and ergo run login scripts, group policies etc.

I have https://live.paloaltone

...

Resolved! GlobalProtect DNS server ignores the access routes

Hey all,

Just another PaloAlto funkiness I found out today...

When you configure a DNS server under the gateway configuration for GlobalProtect a route will automatically be added to route traffic to this DNS-ip through the tunnel: REGARDLESS of what y

...

Resolved! FTPS and Service - problem

Hello

I have FTP server on Debian 7 (ProFTPD 1.3.1) and security rule:

and now FTPS connection works.

With "application-default" as a service FTPS sessions hangs on listing directory and sfter some time FTP client was disconected.

I'm on 6.0.2 PAN with l

...

Do not display Threat log with descent sort on palo alto device 3020

Hi All,

I have a problem to view threat log on device.

My device is 3020 model, with 5.0.9 version, threat verion: 445-2292.

I do not see any threat log record when I select DESC sort, but I can see threat log with ASC sort.

Please help me why ?

thanks

Resolved! Cannot run GlobalProtect Portal on preferred IP address

Please correct any wrong statements:

1. I connect my PA to the "untrust internet" via ethernet 1/1

2. My ISP assigned me 164.67.80.0/24 block of IPV4 addresses (actually this is a lie...)

3. I assigned 164.67.80.2/24 to ethernet 1/1

4. The PA is capable

...

Mirror traffic from tunnel interfaces to SPAN port

Hello Everyone,

I'm new to the PA firewall's and trying to figure out how to monitor my tunnel interfaces, and the traffic flowing through them.

I have a PA-3020 running as an endpoint for several tunnels. I want to mirror the traffic from those tunn

...

Destination NAT on a Vwire?

Is there documentation on how to do this? All I have found is incomplete. Is the Destination Zone the same or different than the Source Zone? Do the addresses have to include the subnet mask? Are there any complete examples available?

Resolved! Help with custom vulnerability signature

Can someone provide documentation and insight in regards to creating custom IPS signatures based on the follow scenario?

Consider you have an FTP server. The USER command is vulnerable to buffer overflow. How does one create a custom signature to iden

...

EDNS Support

In the recent code releases has support for EDNS been added...If so, what release and can you point me in the direction of a good EDNS tech doc?!!

Thank you in advanced,

-jc

Security Policy-by Computer Name in domain

Hi,

I have a requirement from a customer, that he doesn't want user based security policy for a certain location.

He want that only specific computer names which are in domain should be blocked for certain application.

Is this possible using global pro

...

Redundant Ports

Hi,

the customer is looking for a redundant ports as there looking for a cross connection between two different switches.

is this possible? etherchannel/aggregate port configuration doesn't solve that issue as aggregate port goes in the same switch onl

...

PBF ISP Failover with one ISP interface as DHCP client

Hi all,

I have a client who has (for reasons beyond my ability to comprehend) decided to be pathologically cheap about one ISP link at one of their sites (running a PA-200), and are dropping their static IP in preference for more bandwidth at less cos

...

Discussions

Traffic denied by one context is allowed in the other

Resolved! Application

Panorama - 6.0.1 Impressions? Stable? Worth the risk/trouble?

Global Protect Pre-Authentication with public SSL cert

Resolved! GlobalProtect DNS server ignores the access routes

Resolved! FTPS and Service - problem

Do not display Threat log with descent sort on palo alto device 3020

Resolved! Cannot run GlobalProtect Portal on preferred IP address

Mirror traffic from tunnel interfaces to SPAN port

Destination NAT on a Vwire?

Resolved! Help with custom vulnerability signature

EDNS Support

Security Policy-by Computer Name in domain

Redundant Ports

PBF ISP Failover with one ISP interface as DHCP client

Help understanding Asymmetric Path issue

Can't import a certificate via XML API using C#

Unable to download new version

Edit personal information

best practice assessment option is not showing in paloalto customer portal

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

CVE-2024-3400 IOC's

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Failed to update content package

Re: Solution for "SSL decryption bypass for Anydesk"

Unlock your full community experience!

Resolved! Application

Resolved! GlobalProtect DNS server ignores the access routes

Resolved! FTPS and Service - problem

Resolved! Cannot run GlobalProtect Portal on preferred IP address

Resolved! Help with custom vulnerability signature