Fresh from scratch firewall config

So i can't find much on what rule of thumb to follow. If you know what applications you want to be allowed, should you start with the level4 version of the rule using just a port and then migrate to app based rule? Once app id identifies it properly

Anydesk config

Hello,

I have tried to allow some specific users to use anydesk, but it did not work.

in security policy, under application allowed anydesk, service allowed any

in nat, service allowed - tcp 80, 443, 6568, 7070 (destination tcp)

but it did not worked. 

pl

User-ID Help

In recent weeks we've had a problem reported where one minute a site will be accessible for instance Youtube and then it won't be and then it will and it goes on, after looking in the logs when  the connection to Youtube fails is when the log show no

7000 series log forwarding card not forwarding traffic logs to collector

Hey everybody,
I'm setting up a 7050 with a log forwarding card to a dedicated log collector.  On the log collector, I have it set to device log collection and collector group communication on ethernet1/5.  I have log settings configured as well as a

QoS Profile Configuration

I'm doing my first PAN QoS configuration- it's for a SIP trunk to a carrier from our VoIP network. I've read through the procedures and wanted to do a sanity check for my approach:

1) I've configured my security rules for SIP to have QoS "Follow Clie

Panorama require description on policies

Greetings:

I am exploring enabling "Require description on policies" in Panorama.  From the documentation it is not clear to me if by enabling this feature will only apply to new or edited policies or ALL existing policies will require a comment.  Do

SNMP - OID RAM/HD Usage

Hello!!

I am using OP Manager to check my Palo Alto 3020 through snmp, but i don´t have the OID to check RAM/HD % usage, i downloaded all MIB from Palo Alto Page and uploaded to OP Manager. I haven´t seen the OID to check that resources.

Do you have t

Reconfigure PA 500 from A office to be in use for the future for the B Office.

Hello Team,

I would need your help and assistance to configure a PA 500 from A (Lets say Frankfurt) office to be in use for the future for the B (Lets say Stuttgart) Office.

Any guidance and step by steps procedure would be helpful.

Thanks,
Bipin

Able to ping management interface but cannot get GUI (over secure IPsec connection)

Have a PA820 connected to a remote machine via IPsec tunnel - Management port has been opened up to access over LAN (works) - and can ping the Management IP over the tunnel - but am not able to connect to the web GUI. Any pointers?

Many thanks in adv

AV Profile - Alert action

Hello guys,

I have a question about the alert action in the AV profile.

- When I configure alert in AV action (threat already known), is traffic allowed or blocked?

- When I configure alert on WildFire action, is traffic allowed? or does it depend on