Adding URLs to an allow category caused some connections to be blocked

We added additional URLs to an existing custom url category and on our URL filtering profile, it is set to alert. These additional URLs are completely unrelated to the connection that started to fail. And as soon as we reverted those changes things b

User-ID - one user occasionally not hitting the user based policy

PAN-OS 8.1.2, User-ID configured with Windows AD single domain. There are security rules built, based on users/user groups. It is mostly working as intended, but specifically there's [at least] one user that has a different behavior - some user-based

need to block .lockbit extension

as per RBI guideline ,one of our customer from banking sector wants to block .lockbit  file type extension,but in firewall i didn't found any such extension.

Issue with the vulnerability logs.

We have noticed some vulnerability logs in our PA for the Telerik application in our environment.

the threat vault id is 59014 but according to the link. https://threatvault.paloaltonetworks.com/?query=59014).

 https://www.telerik.com/support/kb/aspne

Include/Exclude subnetworks for user mapping

Hi,

Just want to know, what is the exact role of include/exclude subnetworks in Palo Alto user mapping & how it will work on back end.

How do I select an asset when filing a support case?

Hi, 

Weird question, but I'm trying to make a support case for a firewall, and I'm on Step 4, where it's asking me to "Please select the asset for which you are filing the case." No matter where I click in the table, there doesn't appear to be any way

commit fail due to BUG/ PAN-172580

can anyone let me know in what release PAN-172580( BUG ID)will be resolved?

Can Panos block URLs based on the URI path?

Hi,

What we are trying to do is block domain.com but allow domain.com/api/something1

I tried this in the lab and I'm thinking nope it can't do it, even with SSL decryption it doesn't work!

Email attachment issue

Hi Team,

We have configured Email alert scheduler to get logs daily and monthly.

We getting daily logs with attachments and not getting monthly logs and attachments. 

Sometimes we getting monthly logs email but attachments are not there.

PANOS 10.0.5

Does anyone use HIP check on the local LAN as a NAC solution?

I understand that a HIP check can be used on the local LAN when the GlobalProtect client connects to the internal gateway.

• How effective is this as a NAC solution for the internal LAN?

• Without 802.1x authentication, does a machine without GP installed

HA Clustering session synchronization

Hello!

I have some question about session synchronization in HA Clustering (geographic cluster). All firewalls in HA clustering use the first rule for traffic that should not match it, this only happens on geoclustered firewalls. Later, the rules are

Block Access to private Gmail but allow corporate

Hi all.

Im looking for a solution to block user access to private gmail accounts but allow a corporate accounts to be used.

I'm aware that there is a solution involing proxy server and X-forwarder.

Is there any other way to do this without dedicated pro