Resolved! Palo Alto keep client IP
Hi, Is possible to keep in Palo Alto the client IP although PA is doing a source NAT to reach internet?. A service in the cloud needs to know the client IP. Something like XFF.
Hi, Is possible to keep in Palo Alto the client IP although PA is doing a source NAT to reach internet?. A service in the cloud needs to know the client IP. Something like XFF.
We have not enabled ssl decryption for specific subnets.When I see the traffic logs I see ssl decrypted is checked and traffic is denied. I verify that I see decrypted flag for all traffic that is blocked in url category. Need to know reason for this? RegardsMike
Am I correct that the naming scheme is considered Major Version . Feature Release . Maintenance Release - hotfix?8.1.6-h3
We have PA user id agent running on the windows server.Need to confirm Port used by the User id agent to talk to AD for user to ip mappingsis this port tcp 5006? where should i look for?
Hi All,I've been collecting and plotting CPU, Session, Packets Descriptors, Packets Per Second, as well as some other metrics. Once in a while I see a spike on the Packet Descriptor graph.According to KB article How to Interpret: show running resource-monitor :The cores specified in the CPU usage output have dedicated functionalities:Core 0: use...
Need to know on PA 5220 when we see DP utilization in GUI does it mean that it is average CPU of all the cores?
Hello everyone! I am brand new to Palo Altos and firewalls in general, so I'm sure I have made a couple obvious mistakes, but hope to learn. I have inherited a PA-220 that is now needed to be put in place between us and other connections (no internet). I have followed multiple tutorials, manuals, etc. to try and get this setup to work. The pl...
Need to know PA which reasons it consider to put session in ssl decryption exclusion list?one I know is client cert authentication and cert pinning. also if ssl handshake does not complete will PA put connection in exclusion list?
We need the ablity to disable the uninstall of the GlobalProtect agent from our corp laptops. As it is now our users can and will uninstall it.Traps has this ablity but I cannot seem to find anywhere to secure GlobalProtect
We have had our Palo 3020 along with GlobalProtect for about a year now, and we continue to struggle with all sorts of GP issues. I'm curious to know how are you all using GlobalProtect? One Issue - Our strategy was to use GlobalProtect as an Always-On connection, as we've invested in Palo's URL filtering and solely use that for URL inspection. ...
Hi, newly deployed ESXi vm panorama 8.0.2By default free space is 11gb this is ok.Then trying to add a new disk for exmpla 150gb.This is working with version 7.1 new panorama. Can we also make this work with new deployed 8.0.x panorama (legacy mode) Name : sdbState: presentsize : 153600Status : unavailabeReason : Admin disabled How can we fix th...
Transparent safe search is not enforced for networks which are using the PA box for DNS proxy. I have enabled Safe Search tick in URL filtering. Still no go. We have enforced with local DNS servers and that is working. However the interfaces using PA DNS proxy do not. I have ensured that each outgoing security policy is set to use the correct UR...
Hi If I wanted to protect a PA850 from unknown devices connecting. so 1 port to the local ISP.6 ports for laptops to directly connect.How / what is the best way to make sure only pre defined laptops can connect.Mac filtering ??? Think that is easily by passed802.11x - how easily is it to manage what other option do I have.GP - I want to run GP a...
when i run command show system files /var/cores/:total 4.0Kdrwxr-xr-x 2 root root 4.0K Jan 10 00:15 crashinfo/var/cores/crashinfo:total 0/opt/var.dp2/cores/:total 4.0Kdrwxrwxrwx 2 root root 4.0K Jan 10 00:15 crashinfo/opt/var.dp2/cores/crashinfo:total 0/opt/var.dp1/cores/:total 4.0Kdrwxrwxrwx 2 root root 4.0K Jan 10 00:1...
We have PA-820's and I have been looking for a way to leverage them to block punycode attacks. In fact, we'd be pretty OK with blocking punycode URLs altogether. I just haven't been able to puzzle out a way to do it. If I add xn--* to the URL filter block list, it complains that I have multiple wildcards. If it add just xn-- the firewall acc...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 |

