Hi all,
must be someone had similar thoughts too,
we have a customer who'd like to secure outgoing traffic, by specifying not only applications, but also restrict destination FQDN-s and/or IP ranges.
Issue with Microsoft is that their FQDN-s, and moreov
...
I have been having issues with DHCP server reservations on the panOS 10.x
I make reservations and I have found some devices i made reservations for get other IP addresses at times and botches my policies.
Anyone else have this issue?
Howdy Group
There is configuration area within the Log Fowarding Profile that is powerful to slow down the baddies.
I am not sure how many people are using it.
The premise is
1) I am using an EDL from Spamhaus to dynamically deny access to the public I
...
Hello ;
We have to setup HIP profile check for Corp users and external partners
Currently we have a common Loopback Interface having a Private IP and we have a tunnel interafce
Both loopback and Tunnel are part of same zone called GP
This is same Cl
...
Hi,
Can anyone suggest, if we failover from Active to Passive unit on PA firewall. will this maintains the established sessions by default.
Or we have to additionally enable some other setting to make this enable (should maintain session during clus
...
Hi guys,
I have one snario that have some satellites connecting each with Global Protect Portal (Large Scale VPN) and I need implement contingency. I was trying to create other portal, other gateway , PBF in the satellites to control default route
...
Hi everyone,
I'm trying to migrate a rule of an ancient firewall (Microsoft ISA server) that was "publishing" an internal resource using regular HTTP - just a web page - but protected by an RSA SecurID login page. The ISA / RSA implementation was jus
...
I am starting to do more work via the CLI such as security rules. How can I check if a service object already exists using the CLI? And if it does not exist how do I add the service object to I can use it in my security rule?
If I try to add a servic
...
I have been using MeldMeld for several months in a lab environment with great success. Recently I setup a new server for our production firewalls but I have encountered a problem that I have not been able to solve.
I can query MindMeld using a regula
Hello ;
For one our Customer running PA 3200 Series in HA having GP License ( HIP checks)
Currently the GP Portal and Gateway have common Interface . The GP URL is vpn.connection.it ( sample name)
The requirement is that
Internal Users use the URL
...
Why does this have to be so difficult?
I want to create a cert on the palo.
Device > Certificate Management > Certificates > Generate
Highlight Generated Certificate > Export Certificate > Open with Notepad
Copy contents
Go to my Microsoft CERTSRV > R
...
I was trying to work out which security policy applied to traffic through my Palo Alto from 10.77.22.10 (in the trust zone) to 10.99.0.1
Firstly, I wanted to confirm what zone 10.99.0.1 was in using this page : https://alwaysnetworks.co.uk/identifying
I am trying to create a prototype for a Miner that pulls IP's from a JSON formatted file. I have looked at the documentation for setting up a JSON miner (https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-extract-indicators-from
...
Hey Guys,
i'm currently testing the GlobalProtect App 5 with iOS Deviecs and Airwatch MDM. Everything works great, but it seems like that it isn't important which setting i've selected in the Portal > Agent > App (Settings). I've tried to enforce Glo
...
Hello
If I wanted to migrate from Checkpoint to Palo with Panorama, but not use Expedition, what would be the general steps?
Thank you for your time.
OtakarKlier
on:
Understanding URL Filtering security profiles vs Rule Action
OtakarKlier
on:
Qualys scanner blocked
OtakarKlier
on:
Split-tunnel not working properly
OtakarKlier
on:
Palo HA with LACP to Cisco Stack Switch
aleksandar.asta
