can pbf override connected interface route as well?
I know PBF takes precedence over VR, routes in the fib table. But will it also override connected interface network as well??
Discussions
Resolved! Cisco Guest Mobility Anchor Controller Tunnels are down when placed behind Palo Alto firewall
Hi,
I have a pair of Cisco controllers setup as mobility anchor controllers, which will basically initiate EoIP tunnel between them. Recently we have placed a Palo Alto 5250 firewalls between the controllers through virtual wire interfaces. The phys
...8.1.2 file-blocking / logging traffic direction
Hi all,
after updating from 8.0.x to 8.1.2 we noticed the following behaviour:
In the Data Filtering Monitor the direction of the traffic has moved.
Connections previously shown as 'from internt to lan' are now shown as 'from lan to internet'.
This whe
...Resolved! How to test regex for syslog parsing correctly or not for user-ID?
Hello
Syslog server is sending logs to firewall for user-ID parsing.
1- How can I verify that logs are receiving on firewall?
2- How can I test, my custom parser is working to identify the user/ip mapping?
DMZ network redesign
Hi all, I'm hoping someone can help me avoid a huge overhaul and outage window of our DMZ network...
Our DMZ gateway is currently a Palo interface with GlobalProtect enabled on it. Servers on the DMZ are at a remote site connected via a Layer 2 spann
...
Problems with certain sites
Hello
there are some problems with particular web sites.For example live.paloaltonetworks.com ru.wikipedia.com
Problem with File blocking
Hi all
i need to prevent all downloads on a network using Palo alto without affecting browsing
i created a file blocking profile , denied all extentions in the download direction and applied it in a policy
but iam still able to download many exe and j
PBF and cisco vpn client
Hi everyone
i have two ISPsinterfaces connected to my palo alto
i need to make a pbf forcisco vpn client app traffic to cross through the second isp
in the pbf section in policies , i set the application to cisco vpn and ipsec-udb and IKE and set t
...Resolved! Redistribute Global protect mappings to another FW
Hi,
We can not identify GP users in a remote FW. We can see all AD mappings but not GP. I explain the scenario:
INTERNET ---------------> FW Central (gateway GP) -----> MPLS --------------> Remote FW PALO ALTO
both PA are integrated with LDAP, but n
...PCNSE exam passed
Hello i have passed PCNSE EXAM
https://www.linkedin.com/feed/update/urn:li:activity:6416953323617865728/
i can help other guys too if you wish
write me to email:shaigsamadov@gmail.com
Minemeld: Custom IP list, miner etc for EDL.
I apologize if this has been answered in previous posts, I've tried searching and it seems that I'm getting bit and pieces but not the whole picture.
How would I go about creating my own list of IPs and then customizing Minemeld to mine \ gather
...Understanding Panorama Log Ingenstion & Sizing
I am new to PA & I'm trying to understand the necessity of log collection to a Panorama VM. My company is about to deploy PA-3220's in HA pairs in several data centers. We have a single Panorama VM getting deployed for 6 firewalls (3 HA clusters).
...QOS for multiple user addresses
Hi
i need to create a qos policy to limit downloads and uploads of user addresses objects created on palo alto device
i know that i will ceate a qos profile for down and up , choose a class , priority and type guaranteed and max BW
then create a qos
...Resolved! netflow behavior
Is the session is long live ( some applications like nfs,panorama) will start and last till 1 month.
As we have configured log at session end, the log entry will be created once the session is ended.
However we have configured netflow as well.
Netflow i
...
-
OtakarKlier
on:
Understanding URL Filtering security profiles vs Rule Action
-
OtakarKlier
on:
Qualys scanner blocked
-
OtakarKlier
on:
Split-tunnel not working properly
- JayGolf on: Device Control Violations
- ChrisDean on: I have a Premium Account but can figure out how to open a trouble ticket... the Portal Changed PLEASE HELP... So frustrating...
-
OtakarKlier
on:
Palo HA with LACP to Cisco Stack Switch
-
aleksandar.asta
rdzhiev on: Certificates not appearing in XML running configuration - JayGolf on: Running Security LifeCycle Review SLR for a NGFW
- kiwi on: Panorama M-100 is not showing in my customer support portal software list.
- Alin.Scarlat on: Creating a rule
Copyright 2007 - 2023 - Palo Alto Networks