Resolved! PAN Microsegmentation of DMZ
I am spinning up a new DMZ and wonder if there was a some means of restricting traffic between hosts on the DMZ using the PAN.
I have a Cisco Nexus switch and the hosts are VMs in Cisco UCS. Thank you.
Discussions
Detecting UserAgent spoofing
Does anyone know if PanOS v10+ can identify when a UserAgent is being spoofed? I've been looking through the discussion boards and online user documentation and haven't been able to find any results. I'm trying to see if we can catch when a device t
...Resolved! HIP Profile Windows 11
As stated in Where Can I Install the GlobalProtect App? (paloaltonetworks.com) the official client for W11 is > 5.2.10
Personally, I've used version ~5.2.7 without issues, the only thing I noticed was that detected host for HIP Profile was Microsoft W
...
Resolved! User-ID Agent - not populating PAN
We have been using the User-ID Agent and it has been working for over a year. On the 17th, the PAN stopped populating the traffic log with the user-id information. The Agent is working fine (user ids show up in the monitor) and the PAN is connecting
...Resolved! Panorama - Template objects not shared by firewall cluster
I added an existing firewall Active/Active Cluster with multiple Vsys into Panorama
Before the integration, some Device objects like "certificates" or "Local user database" were shared by the firewalls member of the cluster.
Now I need to create the
...Issues with Device Telemetry
I have an HA pair (active/passive) of PA3250s (no Panorama) and just recently upgraded to PanOS 10.0.6 from 9.1.9. I configured the device telemetry and downloaded the new certificates for both firewalls. Telemetry is working great on my primary fire
...
User-ID Windows agent failing to query
Beginning sometime last week (possibly on 12/26) our Windows-based User-ID agent stopped being able to query our DCs for user-to-IP mappings. The PA shows 1000s of request for IP mappings msgs with little to no response msgs from the agent. The agent
...Home Decryption on a PA-220.
I have a PA-220 at home and want to use it to obviously protect my home, but also to help prevent my children from accessing things I feel inappropriate.
Obviously with encrypted traffic from things like gaming consoles and phones this is harder to
...Netflow originator finding
Hi !
we have a query in Netflows. we have configured Netflows on PA820 firewall and enabled monitoring on both WAN and LAN ports. The flows are going to the Netflow collector and everything working as expected. when we are analyzing the Netflows we ar
...Upgraded from v9 to v10 and SNMP traffic statistics...
Hi,
Recently we upgraded our VM-100 fw from v9 to v10 and apart from the yellow login wallpaper there was not much visual changes after the transition. Everything is running as smoothly as before, except an issue with SNMP traffic statistics.
We extr
...Not able to access an website via Palo Alto firewall
Hi Folks,
We are recently receiving multiple cases where the devices behind the PA firewall is not able to access certain websites.
In an recent case we had seen for two devices (Device A and Device B in different VLAN's ) located behind Palo Alto fi
...
Disable interface and kill its sessions by schedule...
Hi,
This is a boarding school situation. By mutual agreement we close internet access to the dorms from midnight to 6AM. Several years ago we tried to control the DormsNetZone rules by a schedule. However as this didn't kill the active sessions it
...Resolved! Hit count cannot increase after NAT
Hi U-turn nat is configured for trust user to ping server located at DMZ. After the user ping the server from trust zone to dmz zone, the security policy count increases, but nat policy count does not increase. Is this normal? if not, why it happen?
...
Communication between 2 network segment
Hello,
I have a PA-220 firewall. There is a normal switch connected on ethernet 1/4. The switch is connected to the equipments of 2 network segments, 10.1.240. * and 192.168.5. * .
These equipments need to communication now. But I can't change their I
...
- tnayak on: Unable to access bing copilot (Bing AI Chat) from Prisma Access Remote Network
-
BPry
on:
When logging into the community can I turn off the email a code?
- MikeSchrader on: IKEv2 tunnel does not restore after HA failover
-
BPry
on:
Cortex XDR: How to block execution of some unwanted apps
-
OtakarKlier
on:
Inquiries about PBF nexthop settings when the ISP is a DHCP Client
- seb_rupik on: Query for routing table
-
OtakarKlier
on:
Understanding URL Filtering security profiles vs Rule Action
-
OtakarKlier
on:
Qualys scanner blocked
-
OtakarKlier
on:
Split-tunnel not working properly
- JayGolf on: Device Control Violations
Copyright 2007 - 2023 - Palo Alto Networks