So I have a need to block almost all internet access for a certain group of folks. They are in a warehouse and only need access to a few websites (time clock, shipping sites, etc) related to their jobs.
How I'm doing this currently is to use a Activ
...
According to the PA-3.0_Administrators_Guide.pdf:
"
Trusted CA certificate—Import an additional intermediate certificate authority (CA) certificate to trust when doing SSL decryption. If the firewall encounters a certificate that is not signed by a tru
Hi,
I have a PA2020 system with Custom URL category defined and it was working fine on 3.1.4.
When we upgraded to 3.1.6, the Custom URL category was not working and URL present in the custom category were being blocked, even if they were in the allow l
...
Problem:
If you try to manage PAN device over a WAN, you might experience problems.
By manage, I mean via the Web interface, via CLI or via Panorama.
The Web interface may not load
Or
login via CLI works fine.
However a command that returns a lot of dat
Hi
I believe I've successfully set up LDAP authentication in our Palo device. All of our groups and users are appearing when searched for using "show user ldap-server server all" and they show up in Authentication Profiles when changing the Allow List
...
I'm wondering if it is possible to define an 'application' based on an SMB URI path?
Example - I have two shares on a SMB SAN server \\san\public and \\san\secret; is it possible to apply a firewall rule to a Palo device that sits between this server
...
hi : I have a question in regard to Flood Protection Thresholds under Zone Protection. Do the thresholds for Alert/Activate/Maximum apply to counting SYN packets directed at a partuicular host or to counting SYN packets directed at all the hosts in t
...
Hi
We will be installing 2x PA4050s into our datacentres to replace our current Checkpoint Alteon Switched Firewalls. We use Checkpoints "telnet authentication" on TCP port 259 to allow super users access through the firewalls based on their IP addres
...
Is there a way to test if an object or IP address is a member of an Address Group?
We have some user categories with "no decryption" but the default rule "decrypt".
Before updating from 3.1.3, https://secure.eicar.org/eicar.com.txt was blocked reliably. Since 3.1.4 not. Nothing else was changed.
In fact i cannot see any ssl decryptio
...
hi
recently i implemented PA-500 with basic L3 setup ( router-pa-switch ) i selected e1/1 and e1/2 as untrust and trust with basic nating, now i need to add e1/7 and e1/18 as vwire with the same external router and same external switch, the idea i hav
...
Hi All,
I want to PBF all my google Apps traffic via ISP1 and the rest via ISP2. Under the PBF rule -> Applications I see only a subset of Apps which includes my customs Apps too. But not all Apps from where I could choose from.
Any advices please?
Than
...
I am having trouble getting SSL VPN to work on a newly added modem. Essentially, I want to add a new ISP connection to my PA and configure it to be used for SSL VPN. I tried to add a PBF rule, but apparently, pbf requires traffic to cross zones. So f
...
We have a customer who has users in UAe, where SSL 443 is blocked.
This means they are unable to get through the initial authentication so can't get the SSL VPN connection working.
Can this initial port be changed?
Is there a cli command to capture packets to/from the management interface?
OtakarKlier
on:
GlobalProtect and other VPNs
BPry
on:
Action=Allow while NATDestinationIP=0.0.0.0
BPry
on:
Checkpoint to PaloAlto
| Subject | Likes |
|---|---|
| 4 Likes | |
| 3 Likes | |
| 3 Likes | |
| 3 Likes | |
| 2 Likes |
