Did you know that you can help your fellow community members by accepting solutions when a reply answers your question Accepted solutions are a super-helpful resource in the community, and we want to make sure our members understand how this feature
...
Hello Community,
I was wondering how in a "larger scale" environement (140+ branche offices) people are generally managing their certificates?
We are switching from Websence (Forcepoint) web filtering to Palo Alto 5050 Firewall. Does anyone have a "crosswalk" that has been done showing what websense categories line up with what PA categories?
Hello,
I have been tasked with converting some legacy security rules from app=any, service=custom object to app=app-ID and service=application-default. However, some of our apps use custom ports over known applications, so straight conversion is not
...
Hi all,
we've noticed our admin accounts have been locked several times today due to consecutive failed login attempts to our VM-s.
Most likely, these would have gone through the PA firewall.
I wonder what would be the way to filter huge log, other tha
...
Hi,
I need to create a dual ISP scenario. This FW has 2 interface with differents ISP. (ppoe)
eth1/2 (1.1.1.1/32)
eth1/3 (2.2.2.2/32)
We would like to balance both ISPs and in the case one of this ISP goes down, all traffic takes the ISP up in that mom
...
I cloned few output prototypes and created my own miner -> ipv4 agg -> output config. I logged off for some reason and now that I login, I am getting timeout error for config, system, supervisor etc. I dont see any config info or indicaters in System
...
Hi,
I just upgraded my firewall to 8.1.0. I was checking the log and i see that now the "source user" in log traffic is the full name machine with $, not the AD user.
Before 8.1 was: domain/john.english
Now is: xxxx.dom\PCfullname$
Why??? how can we c
...
Hi all, I found the issue after upgrade Palo alto from PAN-OS 5.0-6.1.0 when to 6.1.0 auto-commit faile and show messages "Total NAT DIPP translated IP 804 exceeds the capacity of 800 " My model PA-5050 so, I would like to know this issue occur?
Hi,
We are configuring a new routing scenario but we are expecting problem taking the correct route.
This is our static route table:
destination interface gateway metric
10.50.1.0/24 eth1/1 10.50.250.1 1
10.50.2.0/24
...
Hello,
My problem is that the Spotify connect features with sonos use mDNS with multicast 224.0.0.251 to discover device. I have multicast rules forChromecast already, it's working successfully and it use also the same address, so I'm wondering why it
...
Hi,
I am trying to test ping from zone A to zone B using 2 hosts IPs which belong to their respective zones.
What is the correct way to specifically test application ping?
fw1(active)> test security-policy-match application ping from from zone_1 to zo
...
Greetings
I am not sure if anyone has come across this alert SYSTEM ALERT : critical : fail to integrate the update of registered ip addresses since 61 seconds on a regular basis? If yes, can someone please shed some light on what is causing this
...
Hi All,
We are having a scenario where we are supporting various vendors through IPSEC VPN and we were using Cisco ASA 5585-X for that.
The problem is we are nearing the 4000 total active tunnels now and ASA is facing some issues handling that much tu
...
Hello,
i want to use policy based forwarding to forward all Traffic out via a specific next hop except private address ranges, When i negate the private address spaces the rule just shows these lined through, so it will not policy base route for th
...
Hello
I just need a confirmation if i can configure a TAP interface + 2 bridges interfaces, and make 2 policy rules, one for TAP and the second for the bridge, in order to generate logs for TAP and bridge traffic at once, that is possible?
Thanks
reaper
on:
HSBI and HA
reaper
on:
Agentless User-Id integration
reaper
on:
Required PAN-OS 8.1.25-h1 for PA 3060
