GlobalProtect clients logged as PA MGMT

Looking through my logs today and I noticed that connections initiated by clients using GlobalProtect are being logged as sourcing from the PA management interface. Is this expected/intended behavior?  Shouldn't the log show the clients IP address?

Strange URL request in botnet

Hi all,

This morning, spending some time on my palo report and in botnet report there is many alert concerning repeted request to "84.39.153.31/SpamResolverNG/SpamResolverNG.dll?DoNewRequest"

Does someone know what it is ? Is it part of Microsoft emai

Dns vulnerability

Hi,

is there a way to block

DNS Cache Poisining

DNS Server Spoofed Request Amplification DDoS

with Paloalto ?

URL Allow List filters are not functioning as documented.

URL filter is great when working with Categories, but when an exception is published in the allow list there are catches and exceptions.:smileyconfused:

We block-continue Streaming Media, which contains Youtube, which we want to allow users access to

IP to user mapping unreliable

Situation: PC connected to our domain. Domain users log on to it. Domain users have internet access.

The same PC is used for assessments. These (external) users log on with a local user account (not known as a domain user). These users are not allowed

In 5.0.1, what is the full URL to the various captive portal pages?

Hey everyone,

I'm using a PA-2020 on the latest version, 5.0.1. I need to be able to test the end-user experience with Captive Portal. I am also extending some effort to customize the various result pages that users will see, so I need to be able to v

How to handle firewall self-traffic (management traffic / service routing)

Hi,

when I have a global clean-up rule that blocks/logs all unwanted traffic, my firewall management traffic (DNS lookups, PAN-DB updates etc) stop working if I configure it to use any other interface but the dedicated management ports.  So I added a

"Victim Name" and "Attacker Name" in Monitor / Logs / Threat

Does anyone know where I would configure an IP address to resolve to an attacker name or victim name?  I can't seem to locate it in the documentation and tried adding it in Objects > Addresses. victim_name

WWW vs No WWW

I submit URLs to BrightCloud regularly (several times a week).  Most URLs once updated to the filter database work fine with or without the www as part of the URL.  Every so often I will come across a situation where a URL won't load.  For instance,

Blocking Cloud-Based services

Hi Group

I am looking for some practical experience on how to best block as many cloud-based services as possible.

I know I can probably create some Dynamic Filters for some apps, but other may need to be controlled differently (SSL decryption, block t