Rules check by logs with expedition

Hello,

For one of our client , using PA 850 in cluster,

They have 8 zones for voip , printer , camera etc

And all the security policies are wide open.

Now we want to restrict the policy by looking at logs from each zone towars other.

Can we export lo

Microsoft IP ranges and FQDN-s in outgoing rules

Hi all,

must be someone had similar thoughts too,

we have a customer who'd like to secure outgoing traffic, by specifying not only applications, but also restrict destination FQDN-s and/or IP ranges.

Issue with Microsoft is that their FQDN-s, and moreov

Palo DHCP Server

I have been having issues with DHCP server reservations on the panOS 10.x 

I make reservations and I have found some devices i made reservations for get other IP addresses at times and botches my policies. 

Anyone else have this issue?

Using the Log Forwarding Built-In Actions to create Dynamic Address Group to Slow down Attackers.

Howdy Group

There is configuration area within the Log Fowarding Profile that is powerful to slow down the baddies.

I am not sure how many people are using it.

The premise is

1) I am using an EDL from Spamhaus to dynamically deny access to the public I

session disconnect during A-P failover

Hi,

Can anyone suggest, if we failover from Active to Passive unit on PA firewall. will this maintains the established sessions by default. 

Or we have to additionally enable some other setting to make this enable (should maintain session during clus

LSVPN - Contingency

Hi guys,

    I have one snario that have some satellites connecting each with Global Protect Portal (Large Scale VPN) and I need implement contingency. I was trying to create other portal, other gateway , PBF in the satellites to control default route

Password protected internal site

Hi everyone,

I'm trying to migrate a rule of an ancient firewall (Microsoft ISA server) that was "publishing" an internal resource using regular HTTP - just a web page - but protected by an RSA SecurID login page. The ISA / RSA implementation was jus

PAN CLI: Verifying Service Object Existence and Adding New Service Objects

I am starting to do more work via the CLI such as security rules. How can I check if a service object already exists using the CLI? And if it does not exist how do I add the service object to I can use it in my security rule?

If I try to add a servic