Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature
...
Hi Experts ,
We have existing rule for "Syslog" application ,our current security polcy with App-id and services configured as below ,
Application - "Syslog" ( default application which allows TCP 1468, TCP 1514, TCP 6514, UDP 514 and UDP 1514 )
Se
...
Hi,
I am some what confused and reaching out for a little help.
We have a pair of 3020s in Active/Passive mode with two interfaces, DMZ (Ethernet1/1) & Public (Ethernet1/3). HA is configured to use dedicated HA Ports and all indicators on the dashboa
...
Hello,
We are going to migrate from Traps ESM to Traps Management Service.
After this, we want our helpdesk to administrate Traps, but we do not want to create a palo alto account for every user.
Now I found some information about the Palo Alto Directo
...
According to Documentation,
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields.html
I'm trying to block users from going to the site: itsalmo.st
I go to: Objects > Custom Objects > Url Catagory > Blocked Urls and then add *.itsalmo.st/
Then I commit.
I waited a while, can see it inthe list but users can still reach it and use the page.
...
I have an interesting problem that I haven't found a satisfying solution for.
I have various remote sites connected via private circuit with OSPF, and then IPSec VPN with eBGP learned routes. The administrative distance of eBGP is 20, and the admini
...
Quick write here. We currently use Pingdom to monitor external reachability to services and our remote office edge devices. In some scenarios such as new office deployments, we may need to utilize the WAN interface to setup the device. The problem
...
We currently block incomming regions such as China - CN however we have some traveling teammates that will need to be able to VPN connect back to us in US who will be in Tawain.
The crux of my question is if CN is blocked but TN= Taiwan ROC by the a
...
Hello,
We want to use wake on LAN in a vlan attached to a layer3 interface on the firewall. The magic packets are sent from a server outside the vlan to the broadcast address. I allowed WOL-packets in the firewall policies, and I see them in the logs,
...
I have tried a lot, and at this point I think I just must be missing something obvious that for whatever reason wont come to mind. From the PA3050 I can not ping outbound from the public IP. When I run captures, all outbound traffic is in dropped sta
...
Is there a way to prevent (address) objects created in Panorama from deploying to firewalls/device-groups where they are unnecessary?
Good day,
I have such kind of issue after PAN update to 9 version.
Here are 5 allow categories, pre-defined categories (low-risk, medium-risk, high-risk and newly-registered-domains), which I want to make alert. But after change, all of categories beca
...
Is it possible to log the version of ssl/tls being used for decrypted sessions (inbound ssl inspection in particular)? I know we can control what versions are used in the decryption profile but is there any way to identify the specific ssl versions b
...
Hello Community,
I have posted this question before, and was told that it is a server error, I have replaced the server but with the same error, so I thought I would post it again, could it be somthing wrong with the server configuration, or could it
...
The office has 2 internet data line. Each of them has a fix public IP address. Device is a PA-820.
I want to separate the utilization of the data line as below.
1. Office area/staff primary use 1st data line. If this line down then auto change to use
...
PavelK
on:
Web Auth FW with HA
reaper
on:
Negate Deny Rule
BPry
on:
SFP Compartibility for HA on PA - 850
OtakarKlier
on:
Management Interface down
PavelK
on:
check Panorama Hardware reload/facing Panorama hardware reload after commit firewall policy to Palo firewall (
