Using PANW Firewall to control Slack Tenant access / usage

While Palo Alto Networks has documented the use of HTTP Header insertion to control access to certain SaaS applications, there are many more which are not yet documented (as of July 2021). Slack in particular came up for me during testing so I wanted

Access Management via GP and Tunnel vpn ipsec

Access Management via GP and Tunnel vpn ipsec

Good afternoon, I have a question, please support me. I have the following scenario.

Site 1: The main site as a Global Protect VPN concentrator and also as a central point of two IPSEC VPN tunnels.

Site 2:

Disable new apps in content update - Not working

Hi Experts,

We've a pair of firewalls (9.1.6) managed by the Panorama (9.1.6). We've Threat prevention license in place and client would like to install just the threats and not the apps by selecting disable the new apps in content update.

As recommen

Client Get drop call after they connect access the web based application trough Firewall

Hi Team, One of my clients used some web application call when they are able to log in from home by the general home router (without global protect).

When some clients come to the office and into the firewall network LAN When they log in and Connect c

Configuration from scratch

Hi team .How do I start  configure palo from scratch am a fortigate engineer.

PA-3020 interfaces not coming up

I have a PA-3020 that was taken out of production several months ago. When it was removed, everything was working. Since that time, it has been sitting on a shelf. I decided to get it out today, and try to set up a small lab. I consoled in to the dev

Authentication Policy other ports confusion

We just started looking into authentication policy and while testing it works for web services but what about any other services rdp/ssh/or anything else. The BPA document says we should set authentication policy to Any, but doing that SSH in our tes

URL Risk Rating Discrepancies

Why the URL category for sync.predictive.com and mail.eventss.com is High Risk in PA firewall but in Test A URL site it is Low Risk?

I assume I should follow what is shown on firewall and disregard A Test site for good measure. But what is the cause o

Meraki dashboard IP changes

Is anyone having to make changes to Paloalto for the Meraki dashboard IP changes?

Netflow is not working

Dear Team,

Netflow hasn't been working. When we enable and disable Netflow on an interface our SolarWinds server receives a tiny bit of Netflow traffic but then stops again. Netflow traffic is however leaving the firewall and destines for the SolarWi

PANOS firewall Upgrade from panaroma Error

I have paloalot firewall that is managed via panaroma. The firewall doesn't have internet connectivity and only panorama does. On the panaroma I have downloaded both the 9.1.0 base and 9.1.9 maintenance version. When trying to install 9.1.9 from pana

EDL for Specific Azure IPs/Tags Using Minemeld

I'm looking for a way to use the JSON file from Microsoft which lists Azure IPs and services tags (https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519) to create an EDL. However, I only want to include the IPs for Storage.EastUS2 in t

Warning: The admin has enabled the virtual system vsysX as User-ID Hub(Module: useridd)

Why is this a warning? Has anyone found a way to keep this from displaying as a Warning? This cases our SOC personnel to ignore when the commit status completes as 'Commit completed with warnings"

We are running 10.0.6 - Panorama and 9.1.9 - Gateways