Websense to Palo Alto Web Category Comparison

We are switching from Websence (Forcepoint) web filtering to Palo Alto 5050 Firewall. Does anyone have a "crosswalk" that has been done showing what websense categories line up with what PA categories?

Best Practices for Security Policies with App Default and Custom Services

Hello,

I have been tasked with converting some legacy security rules from app=any, service=custom object to app=app-ID and service=application-default. However, some of our apps use custom ports over known applications, so straight conversion is not

What app id is used for remote access to Windows 2012 Server and Windows 2016 Server?

Hi all,

we've noticed our admin accounts have been locked several times today due to consecutive failed login attempts to our VM-s.

Most likely, these would have gone through the PA firewall.

I wonder what would be the way to filter huge log, other tha

Dual ISP scenario

Hi,

I need to create a dual ISP scenario. This FW has 2 interface with differents ISP. (ppoe)

eth1/2 (1.1.1.1/32)

eth1/3 (2.2.2.2/32)

We would like to balance both ISPs and in the case one of this ISP goes down, all traffic takes the ISP up in that mom

Config, System, Supervisor timing out

I cloned few output prototypes and created my own miner -> ipv4 agg -> output config. I logged off for some reason and now that I login, I am getting timeout error for config, system, supervisor etc. I dont see any config info or indicaters in System

Doubt about 8.1 version source-user logs

Hi,

I just upgraded my firewall to 8.1.0. I was checking the log and i see that now the "source user" in log traffic is the full name machine with $, not the AD user. 

Before 8.1 was: domain/john.english

Now is: xxxx.dom\PCfullname$

Why??? how can we c

Palo alto static routing issue

Hi,

We are configuring a new routing scenario but we are expecting problem taking the correct route.

This is our static route table:

destination     interface       gateway        metric 

10.50.1.0/24    eth1/1     10.50.250.1      1

10.50.2.0/24     

test security-policy-match application ping -> Server error : argument protocol is required

Hi,

I am trying to test ping from zone A to zone B using 2 hosts IPs which belong to their respective zones.

What is the correct way to specifically test application ping?

fw1(active)> test security-policy-match application ping from from zone_1 to zo

SYSTEM ALERT : critical : fail to integrate the update of registered ip addresses since 61 seconds

Greetings

I am not sure if anyone has come across this alert SYSTEM ALERT : critical : fail to integrate the update of registered ip addresses since 61 seconds  on a regular basis?  If yes, can someone please shed some light on what is causing this

Do we have to reinstall globalProtect after a gateway cert was renewed

Recently we renewed the gateway cert, after that, a few colleagues have to reinstall the globalProtect agent, otherwise he/she will get error message "gateway certificate is invalid".

BTW, we use self-signed certificate.

Is there anyother way could f