DNS Security

Hello Folks

Does anyone know why I am having problems with DNS Sinkhole when my computers have dynamic DNS, I have spent days testing and I have detected that with fixed DNS I see the log but with dynamic DNS I don't see any log

I have applied the Secu

MS-Teams issues with disconnections

Hi all,

we have some issues with MS-Teams.

Our customers have random disconnections during the cals. In the app they recive error - "bad network quality" and after that they reconnect. Call quality itself is good. In MS console there is no allerts for

TCP Source Port Pass Firewall Vulnerability

Hi Team,

We are getting below vulnerability in PA NGFW. 

Please find the error below, 

External user access to cloud app through firewall

Hello,

Currently we are using an application hosted in cloud (Azure) which is being accessed by LAN users only through a Site-to-Site IPSec tunnel.

Now we want to give access of this Azure application to external users(they don't have LAN access).

We wa

real time interface monitor

I have an interface connected internet line with bandwidth 10MB can i monitor B.w utlization real time , meaning can paloalto draw a graph time and b.w at every moment i can see ultization may 5 MB ..5.1MB 9MB or something like that . or i must use a

PBF over VPN tunnel

Hello,

I try to create a route forwarding from a Palo Alto in one AWS account to a Palo Alto in another AWS account.

The Palo Alto in account A is creating a VPN to a Virtual Private Gateway  in account B. THe VPN is up and we can manage the firewall.

lacp neg failed for sec then came up

got email alert

SYSTEM ALERT : critical : LACP interface ethernet1/21 moved out of AE-group ae1. Selection state Selected

system log shows

( severity neq informational ) and ( eventid eq nego-fail ) and ( description contains 'LACP interface ethernet

IPv6 BGP issue: bgp peer ISP_IPv6_Peer local address 0:0:0:0:0:0:0:0 does not belong to interface

I had been troubleshooting the following error message when trying to add an IPv6 BGP peer to my PA:

• bgp peer ISP_IPv6_Peer local address 0:0:0:0:0:0:0:0 does not belong to interface ethernet1/1(Module: routed)
• Configuration is invalid

For some reason o

PA-220 is not allowing inbound traffic

HI PA Community! I have a very odd issue. My Palo will not allow any inbound connection. I was setting up GP and wondered why I can't hit the portal.  Then realized I can't even PING the public IP.  I am using a dynamic PPoE connection to my ISP. I c

No way to unsubscribe?

The unsubscribe link at the bottom of the newsletter takes me to a page that only has a "Subscribe" button. An unsubscriber should not have to agree to Terms of Use and a Privacy Statement.

Easiest way to find and replace Interfaces

What is an easy way to find and replace Palo Alto interfaces?

Let's say for example I am combining a bunch of interfaces such as ethernet1/9 and ethernet 1/10 into an aggregation group (i.e. ae1) and adding these as tagged VLANS i.e. ae1.123, ae1.456