To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...
Greetings:I am seeing in the System Log the following message "dns-signature cloud service connection refused" Checking the traffic logs the management IP address is not being blocked. Where do I look to resolve this error message? Thank you.
Hello community, I´d like to check with you regarding the following:Since upgrading the user-id agent from 8.0 to 8.1 the user-id logs in the firewalls are showing "Managed Service Accounts" (computer accounts with "$" appended at the end) in the way...
Our GlobalProtect VPN was using a self-signed certificate which got expired caused end users not being able to connect to the VPN.This raises the question that what are the ways to get alerted for these sort of incidents. Is there any in-build mechan...
Can we integrate clearpass as a radius server for Global Protect 2FA ?
Hello Folks, I am trying to build a site to site vpn between a Palo Alto firewall running 8.1.7 and a Checkpoint firewall. Settings are configured to use IKEv2 only with certificate based authentication. While the logs below are from lab setup, but t...
I'm part of a cloud team that does not manage the FW but am not getting clear answers from them.My operations counterparts have the following issue: Support person logs into IP address x.x.x.x into production domain. As part of their function, they m...
Hi , Can someone share best pratices and guidelines on how to use tags on PA ?
Is it best practice to override template variable settings at the template-stack or at the device level? It looks like template stack would be sufficient unless you have multiple firewalls and only a select number with different settings.
Hello, In our lab, we made a set up about peering BGP between Palo and a third part device.According to this kb from Palo : "The Palo Alto Networks firewall does not advertise an aggregated route to its peer when it receives a prefix falling within t...
We have found in the logs, Malicious DNS queries are being blocked but few of them are in Alert State. however the Domain is marked as a malicious in DNS signature at Threat Vault.Can you please elaborate why paloalto having dual action on same malic...
Hi, I am trying to replace my ISP-provided Zyxel home router with a PA-200. I'm also subscribing to IPTV from the same ISP, with a Thomson DBI-8500E-TLN2 IPTV PVR.The zyxel - while branded, appears to run standard zyxel firmware - the config doesn't ...
I did not see any good information on how to fix this issue. I accidently entered the wrong subnet under Device > Interfaces > Interface > Allowed IP Addresses and was locked out of my primary firewall. I could still login to the backup as this was n...
Hi Team We are getting below critical alarm in firewall. Please let me know how to resolve this issue RegardsMohammed
Hi I have 8.1.5 on the pa and 4.1.11-9 client I have setup the gateway for video traffic exclusion, and selected youtube-streaming netflix-streaming But a simple test shows utube still come over the tunnel address I want to allow MS Teams to by pass ...
When it comes to vm series firewalls, Layer 3 subinterfaces, trunks and port groups, are there any downsides/catches/cautions to setting the ESXI port group to use vlan 4095 (trunk), and then simply utilize layer 3 subinterfaces on the vmseries firew...
on:
General question about firewalls
on:
How to identify high dataplane CPU
on:
Limiting users access in palo alto firewall
