Fowarding to syslog- best practice

Currently we forward nearly all of the firewall's logs to our syslog server, but the amount of irrelevant minutiae is over-whelming the syslog server.

Is there a best-practice for what information should be forwarded to syslog?  I don't want to miss

Determine PanOS version from generated logs

I have one problem. I have a system where logs are coming from palo alto devices with different version of PanOS (v6.1, v7.1, v8.0 and v8.1). I want to identify which PanOS version is the system running by looking at the logs only. Can you please tel

Error Enqueuing Export Job

Beginning approximately November 2018, we have been unable to successfully export a custom report into any format, always seeing a popup stating "Error enqueuing export job" after an extended wait period.  Attempted same export in both FireFox and IE

Captive portal for wi-fi guest users

Hello all!

How must I configure the PA so that the guest users using wi-fi are redirected to the Captive Portal when accessing https without the need to install certs on the guest devices? Right now it's working for http sites, but not for https, in t...

Block TLD and Security Profiles in Monitor and Log Details

I am working on blocking a TLD using a URL filter. I have multiple URL Filtering Profiles.

I have the TLD block working, but the lack of security profile information in the Monitor tab view and detail logs makes it difficult to troubleshoot.

Is there

HA - Path Group -> virtual router path - source IP?

Hi Community,

What's the source IP used by the Palo Alto when doing a HA - Path Group -> virtual router path check?

Thanks.

Panorama 8.1 VM on ESXi in Legacy Mode

Hi All

I need to deploy Panorama 8.1 on ESXi . Due to some capacity (mostly disk and CPU) limitations on the customer infrastructure this needs to run this in Legacy mode with 4CPU/4GB RAM.  There will be 10 PA220 firewalls, but all very quiet and do

GlobalProtect "You are not authorized to connect to GlobalProtect Portal" Error

Hi,

We have 2 different vpn portals, we connect using email or secure batch authentication, Email authentication works fine but batch authenticaion does not work ( which was working fine before ) I am getting you are not authorized to access this por

PaloAlto Decrypt Mirror not traffic visible to VM but switch port mirror traffic is

I've setup VMware ESXi 6.5 and 6.5U1 with a few different intrusion detection systems and SIEM platforms and getting inconsistent behavior w/ the Palo Alto Decrypt Mirror port vs. other technologies such as a SPAN or "Mirror Port".

Many NIDS platforms

Connectivity to updates.paloaltonetworks.com issue

I can't use Management interface to connect to updates.paloaltonetworks.com.  I am trying to use trust or untrust interface byt no success. I followed some Palo Alto configuration example but still no success. I would apprreciate your help.

mac address learning of actual physical port on lacp

We have LACP  aggregate connection to the switch.

is there any way i can learn the mac address of the switch port itself on the PA ?

Right now PA only shows me mac address of chassis of the switch.