Hello All,
Need your help/guidance on the following requirement
We have 2 WAN links, One ISP with Static public IP and MPLS connection for Internal server access.
Requirement: 1) All the Internal users (Trust Zone) has to go through ISP Wan for Int
...
Hi All
Is it good practice to exlude all server subnets in exclude list as I believe we are not interested in administrators to IP mapping for servers?
What could be the user cases for exlcude list on firewall and user-id-agent?
Hey all,
I think I am hitting a limitation on the template-stacks, but maybe there is a nice workaround that you guys can help me with...
Contrary to Device groups, which have "shared" objects, templates use stacks which is a little different.
The limi
Hi
I want to enable user-id features in all security policies. But I have a question, from users to Domain controller, I should not use user-id feature? as firewall does not know about user-ip mapping untill users are login to domain controller?
Also
...
Hello
Is there any procedure I can use to export logs from local log collector to dedicated log collector. As previously firewall was sending logs to local log collector and now sending logs to dedicated log collector.
@reaper
Regards,
Hello,
I'm trying to get simple data from https://ips.zscaler.net/pac/json. I tried to exploit the extractor with http://jmespath.org/ but really, I don't think I need an extractor here, just indicator "ip".
But it doesn't work :
age_out: defau...
Hi there ,
i'm new here , hope i get a reply
i'm using an ipsec tunnel between two site .
in the second site i'm not able to use the globalprotect , he cannot connected .
but , when i change the desktop dns to 8.8.8.8 it worked .
any solution !
...
PAN-OS 8.0.x
We have users not receiving updates for Windows Insider Program builds when SSL decryption is enabled.
Does anyone know what changes need to be made to make this work? I've solved a few other SSL decryption issues where decrypt-excepti
...
Hello,
I'm trying to identify what the best way of applying a list of datacenter IPs to one of our security policies. The list has about 150 IP's and I'm apparently unable to paste the list of IP's into an address group as it gives me an error notic
...
I have an IP IoC feed that I would like to ingest and re-publish via MM.
The feed is ordered by priority i.e. earlier addresses are newer\more active\higher risk, but if I ingest and publish (miner -> output) it is re-ordered by numeric order. Is
...
I saw this link where someone was looking at this same type of thing I am trying to do but I have not seen someone actually create the miners for Minemeld w/ Adobe. I am looking at their GitHub on how to create a miner for them myself, but I figured
...
We have decrypt port mirrior license on our PA-850
But under interface types we can not see the Decrypt mirror type interface
The Pan-os version is 8.0.8
Hello,
we tried to make a factory reset on PA 500 following this link
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-perform-a-factory-reset-on-a-Palo-Alto-Networks-device/ta-p/56029
Finally we have not been able to make the factory
...
Hi,
I have a scenario with two sites which has two sets (HA) of firewalls, external and internal. So external handles everything internet and behind the internal the datacenter resides. Clients are in between.
We have MPLS between the sites which ter
...
Pretty often seemingly simple monitor filters seem to get our PA devices in an endless loop.
For example:
( rule eq management_services ) and !( addr.dst in a.b.c.d ) and ( app eq ms-sms )
will never succeed. The fitering start running, shows a couple
...
OtakarKlier
on:
Understanding URL Filtering security profiles vs Rule Action
OtakarKlier
on:
Qualys scanner blocked
OtakarKlier
on:
Split-tunnel not working properly
OtakarKlier
on:
Palo HA with LACP to Cisco Stack Switch
aleksandar.asta
BPry
on:
how to block facebook and instagram on mobile
