How security policy - intrazone works?

Trying to use a Security policy with type intrazone and action is Deny (any application & service).

Target is to block all communication within the same zone (subnet). Such as ping, file share (smb), ftp, etc.

The layer3 interface and the computers wer

Log forwarding to Panorama

Hi,

I have some problems with log forwarding from firewall to Panorama because it is consuming a lot of bandwidth. I have configured the firewall to buffer the logs before foward them to Panorama. I would like to know the following:
* When log forward

Captive Portal Redirect Page

Hello all, I am having a bit of an issue with getting captive portal to work the way I need it to. I have it setup and my Macbook was able to redirect to the correct page, I was able to successfully login, and then browse the web without issues. The ...

Self-service Firewall rules?

Wondering if the NGFW are capable of automation. Automation as in, if someone has a set of firewall rules that needs to implemented and they know their source, their destination, their port, they can implement the rule themselves. 

QoS for VOIP over IPSEC VPN

Hi All

I have four VPN sites and HQ with VOIP deployed. On HQ Palo Alto, I want if traffic come from LAN with some marking like 'af41' then give priority (real time) and copy the dscp marking when send across IPSEC VPN? 

-> For this, I have made one q

Testing 8.0 Credential phishing prevention

Support says eveything has been setup properly for this to work. How would you test that users would not be able to enter domain credentials into bogus site? 

Dynamic 1:1 NAT on the Palo Alto interface.

We are looking at some method where we can dynamically NAT subnets behind the Palo Alto Firewall to pick an IP address from the network defined on the external interface.

e.g. I have the external IP address network defined as 10.100.100.0 /24. The IP

Issue Static Source NAT

Hi Expert ,

I have some issue about Static NAT due to I have secondary public ip on the same interface such as on ethernet 1/3 have 192.168.1.22/24 and 192.168.55.1/32 and config nat bi-direction such as source  trust > 172.16.1.22 to untrust  and So

Minemeld install error on RHEL

I am attempted to perform an ansible install of Minemeld on RHEL 7. I am receiving the following error. Anyone seen this and have any suggestions for remediation?  Thanks

I receive the following message when I run the ansible playbook:

TASK [mine

invalid interface

hello have getting a lot of 802.1q tag not configured and invalid interface message in global counters. I'm trying to find the cause, I have configured subinterfaces I see traffic in rx.pcap with properly tag, all traffic is dropped, I see as destina