How to handle firewall self-traffic (management traffic / service routing)

Hi,

when I have a global clean-up rule that blocks/logs all unwanted traffic, my firewall management traffic (DNS lookups, PAN-DB updates etc) stop working if I configure it to use any other interface but the dedicated management ports.  So I added a

"Victim Name" and "Attacker Name" in Monitor / Logs / Threat

Does anyone know where I would configure an IP address to resolve to an attacker name or victim name?  I can't seem to locate it in the documentation and tried adding it in Objects > Addresses. victim_name

WWW vs No WWW

I submit URLs to BrightCloud regularly (several times a week).  Most URLs once updated to the filter database work fine with or without the www as part of the URL.  Every so often I will come across a situation where a URL won't load.  For instance,

Blocking Cloud-Based services

Hi Group

I am looking for some practical experience on how to best block as many cloud-based services as possible.

I know I can probably create some Dynamic Filters for some apps, but other may need to be controlled differently (SSL decryption, block t

Multiple Domain and domain name

Hello,

I have deployed 1 cluster of PA 3020(5.0.5) and UIA on 2 servers of the domain.

The domain architecture is as following:

1 parent domain: idf.local

6 child domain: xx.idf.local, yy.idf.local, ...

UIA works well and we have good informations on the

Panorama Log Collector - No Seq Num Acked

I have a deployment that has a pair of M-100s in HA and each of them has a full disk array that's split out into two separate log collector groups.  It seems as if there's an issue of Panorama communicating to the collector devices that should be for

Problem on Web Management Interface

Hi All,

Our PA500 (PAN OS 5.0.4) recently behave unusual, sometime its kick user from web interface after log in for 10 or 15 minutes.

The only error message that I received in the browser said "XML not responding".

Further check in the logs I got this

URL Security Profile DENY not logging

Having an issue with URL filtering not logging the Streaming Media....BLOCKED.  PA is allowing certain individuals based on Security policy and logging it to MONITOR.  It also is blocking other users not allowed by the URL Security Profile, but not l

NAT Configuration: Need information

Hello everyone,

I need confirmation on configuration.
I attach a picture to this discussion.

Can you confirm that the 2 first menstrual sufficient for the proper functioning of an email server in the DMZ (not to mention filtering rules)?

Also, the first

URL Filtering - Error: Failed to get response from device server. Please try again later.

Yesterday our PAN started running very slowly i.e. lots of sites taking forever to start loading.

I noticed on Dynamic Updates, for URL filtering I have this error listed:

Error:   Failed to get response from device server. Please try again later.

If I

Applipedia not up to date?

I've noticed the applipedia online does not contain the latest applications since the 376 update?

Currently only seeing 1674 applications.

Any ideas?

no wildfire log entry

Hello all

I have been creating a antivirus profile with alert action for all decoder for antivirus action and wildfire action.

but I tried to obtain some logs in wildfire log entrie. May be I didn't request the good file on the web?

How could I proceed

Firewall Seems to Be resetting SSH Connections

HI,

I have a problem with my Palo Alto firewall deployment were the firewall seems to be resetting all connections using port TCP 22 (SSH, SCP, SFTP). I have done packet captures on the ingress interface of the firewall and it shows as if the connecti