Resolved! Knowing overlapping rules
Hi,There is any way in PaloAlto to know the rules which are being overlapped in anothers????? thanks
Hi,There is any way in PaloAlto to know the rules which are being overlapped in anothers????? thanks
For those of you with global Palo deployments, here's a paper to get you started on what you should know about employee privacy issues. This issue can be complex in countries outside of the U.S."Next Generation Firewalls and Employee Privacy in the Global Enterprise”http://www.sans.org/reading-room/whitepapers/legal/generation-firewalls-employe...
Has anyone discovered any issues with H3? I have an odd issue and am not sure if it has to do with the layer 4 changes in the hotfix to address the evasion issues.I have upgraded 3 client sites. No issues at 2 of the sites. On the third side, I have an issue. This client has a public web site in a DMZ. The ACL allows it to be directly accessed b...
Hi,GP 2.1.0 is now released with the extended SSO support: With Single Sign-On (SSO), the GlobalProtect agent wraps the user’s Windows login credentials to automatically authenticate and connect to the GlobalProtect portal and gateway. SSO has been enhanced in this release to so that when a third-party credential provider is being used to wrap t...
Do the PaloAlto's have any functionality to monitor a wan link or tunnel and create a log entry if the link is down or there is significant packet loss? I am able to see these things through external monitoring tools but it would be nice to have a system log entry or something on the PANs as well.
Database Server and Client are divided by 2 Palos.Connections are timing out.How to change the IDLE TIMEOUT for special clients/servers?Roman
Hello,we are struggling with this problem.There is a FTP Client and an FTP Server. Both on different sites. Between them is a VPN Tunnel build with PA 3020 and PA 5020.FTP is working - but sometimes not!!!!!We found the reason for this: This is what I can see at client's siteControlchannel (21) is UPClient asks "STOR myfile.txt"Datachannel Hands...
Since 2013/12/26 I have been seeing a large number of Suspicious DNS Queries (generic: xml12es.farolatino.com), threatid 4011926. After researching the computers that are getting this, they all seem to be going to Microsoft sites prior to this query. From what I have read this seams to be coming from Microsoft Media Player. They use this site...
Hallo all,I am following the document PAN OS 6.0 Admin Guide. Since my management port does not have internet access, I have to setup a data port for external access and updates. So the mentioned document, in the section called "Set Up Network Access for External Services", it is suggested that I should configure 2 ports, one on internal zone sa...
Hello I've an issue on the PANOS 6.0.3 about enumaration of user or group in a security policy I have to use the complete ldap syntax to found the user in the user source columnlike thisand when i tried to browse directly with the select menueI obtain thisloading but nothing appearanybody have this issue?
HelloI have question not directly connected to PA but I think here are peoples who using such solution or are interested in I spend over a hour on googling for simple and free solution for recieving SNMP trap and sending alert by usb modem as a SMS but I didn't find anything interesting.I think that could be VM with Linux and snmptrapd and ie ...
Halloi am looking for the following documentation. I searched the knowledge base but could not find any document:1. IPSEC Configuration Guide with PAN OS 6.02. Configuring PA Firewall for Remote Access Management.Could anyone give me an exact link with documents addressing above issues? (I could not find the above things in admin guide)Thanks a ...
Hi all,I config IPSec betwen two PA device: 1 PA5020 and 1 PAI config as guide: How to Configure Certificate Based Authentication for IKE on PAN-OS 6.0I generate CA on PA 5020 and import to PA 200But on PA 200 i can't sign new Cert with the imported CA certificate.I try generate all cert on PA 5020 ( root CA & signed CA) and import to PA 20...
Hi ,i have a palo alto firewall, i have been asked to put together the pre-shared keys for our VPN peers.i am not able to locate the key for some tunnels, is there any way i can recover the key from my config ?Regards,~Harry
Hi All -Looking through my threat monitor and I am seeing a lot of Suspicious DNS Query entries in there. I have two internal DNS servers, and the entries are for both of them -- the drop-all-packets action is being taken, so it's good the PA is stopping them. If I had to take a guess, 90% of the entries in my entire threat monitor are the Sus...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 |

