Rule bypassed when specific ip entered for destination (PanOS 8.1)

I have a rule that has been failing to allow connections to the internal system. To test i've set up the rules below. (IP's obfuscated)
When I run
> test security-policy-match source 1.1.1.206 destination 2.2.2.226 protocol 22
the response is

"External-T

Panorama Security Profiles Problem - Pushed to device

hi,

I am facing a strange Problem in my LAB environment. I have created some File Blocking, WildFire and Data Filtering Profiles in VM based Panorama (9.1.4) and Pushed to PA-200 (8.1.16). The profiles in Device seen very strange. Here Sample images a

UserId Agent stating connections port 135

Hi,

We need to know why our UIAs are starting sessions to INTERNET in port 135.

how can we mitigate this flow? WE disblae UIA in INTERNET zone but we still see these sessions.

Here you can see the kind of  sessions:

any idea?

Interstate DR setup with site replication.

Hi All, 

We are currently in the build process of a interstate warm DR. Our primary DC has a pair of 850s while the interstate has a pair of 820s. I have begun implementing Panorama to manage both sites, both devices are configured with a simple clea

Panorama doesn't load on firefox

Hi All,

I have been struggling with this issue for few months now.

The panorama VM site just doesn't load on my system, using firefox browser. It shows blank white page and after few refreshes of the page (and praying - please load this time), it fina

politicas de seguridad (post-rule) duplicadas

Hola 

¿ como puedo ver las políticas de seguridad (post-rule) duplicadas ? , asi con esto hacer una depuración de las reglas !

Zone rename effects on Shared Policies

After a company acquisition we have inherited about 25 firewalls which I have recently migrated to a single Panorama instance, along with shared policies and templates, and in the process of building shared policies for the entire fleet.

For the shar

IPSEC Tunne with IBM cloud

HI 

I have setup a tunnel with IBM cloud and tunnel is UP. However I am unable to ping from both side. 

Routing and security policies are configured correctly, I can see on firewall logs byte sent is there but byte received is zero.

There is no traffic

PA management: secondary ip?

With Palo gateway appliances, is it possible to give the management interface a secondary IP?

Wildfire File Check

Hey Community,

maybe someone can give me a hint or help about the following Topic:

Does Wildfire re-checks Files after we have got a verdict ? For example, if a File is uploaded to Wildfire and the verdict is Benign, but after some Time something has

Tactics Technique and Procedure (TTP) for Noob Threat Hunting

I am new to Palo Alto NGFW and Cortex, does anybody have  any special TTP they want to share to noobs like me?

Prevent User Traffic from Proton VPN Application

Hi All,

Just wondering if anyone has a solution in creating either an application id for proton vpn, and or other methods in preventing users from bypassing the palo firewall.

https://protonvpn.com/

I have discovered today that this application is no

Required role to do cli backups

We have a process to do backups using the cli. I'm going to create a new role restricted to cli for this purpose. What admin role is required to perform backups?

URL Filtering Log - MAC Address

Good morning,

We are trying to leverage as much functionality from our PA FW right now.  At the moment we are using 3rd party filtering and 3rd party captive portal.   The challenge is always matching the URL filtering logs with the user mac address.

UserID agent - different two major

Hi,

Just to confirm. it would be compatible this:

UserIdagent in version 9.0.x

and FWs in version 8.0.13

WE need to upgrade FWs to version 9.0.x, and we are thinking to upgrade first UIA, but we are not sure about compatibility in UIA two major higher.