Clean Firewall Policies
Hello all, I am thinking of how can i clean/organize my firewall policies. Many rules seem to be mixed up within each other. Do you have any suggestions to make it more appealing to the eye? How should I organize my rules?
Hello all, I am thinking of how can i clean/organize my firewall policies. Many rules seem to be mixed up within each other. Do you have any suggestions to make it more appealing to the eye? How should I organize my rules?
Hi, I have a question about PAN-240612. ===== Fixed a kernel panic caused by a third-party issue ===== What feature does this issue relate to? And what exactly is “third-party”? BR
Hello For example, some implementations require multicast traffic to be encapsulated before IPSec encrypts it. If this is a requirement for your environment and the GRE tunnel and IPSec tunnel share the same IP address, Add GRE Encapsulation when you set up the IPSec tunnel.https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/gr...
Good Afternoon, How do you apply for the academies listed in the early careers section of the main website?
the basic topology is: Internet FW are non-palo alto in HA A/P directly connected (no switch in between) to a pair of Palo Alto in A/A HA -in Vwire mode (no Layer 3 on the Palo Alto but in transparent-zone) then Palo Altos in A/A HA are connected to the Core switch where the rest of the environment connects to as well. The internet FW will send ...
Hello everyone, I have enable x-forwarded-for in PA. When I look at the pcap from PA, I see the ip address but from monitor log traffic, collum x-forwarded-for ip is empty Please your help. Thank you
I have a PA410. After upgrading the software recently, I found that the original monitoring log has reduced a lot of functions, and even the ACC function has been lost.I checked the website information and found that this function was cancelled after 10.1.2. These are the ones I use the most and I can't even find any replacements or anything abo...
Hi All, We have a client who all of a sudden started to receive the following telemetry error - 'CDL Receiver Key Empty' on PA-440. No changes have been made. Currently running PAN OS 10.1.2. They are not using CDL and are just sending Telemetry data to PA with a certificate. This looks like it may be a an issue on the PA backend. Can anyone cl...
I have a fairly simple network setup in my LAB Management Interface 192.168.1.1 /24 LAN Interface 192.168.100.1/24 DESKTOP IP 192.168.100.100 I have allowed all the Internal Subnet on the Management interface which is 192.168.100.0 /24 in permitted list I cannot ping the Management Interface 192.168.1.1 FROM 192.168.100.100 NO SECURITY POLICIES ...
We have just configured 2 IPSEC tunnels with a remote palo. Both sides have 2 IPSEC tunnels with tunnel monitor and DPD configured. For some odd reason, the when the primary tunnel is active and has active routes going to it, the secondary tunnel still shows active. Traffic is still flowing the way it should, I never see the traffic change to...
Hi Guys, NTP was working well. But when authentication was enabled below msg is seen on the Firewall (NTP Stopped working) NTP server is a local one using IP address (not FQDN) PAN-OS Version 10.1.5-h1 All the other devices are syncing except for the Firewall. Has anyone else seen this issue? Any help would be greatly appreciated. Regards,...
11.1.4-h1 PAN OS is recommended version for PA-450 box ? what is the release date of it ?
Hello,I have a web server in DMZ with private ip address 192.168.10.100/24 and I would like all the traffic from outside should come to this server. My public ip is 1.1.1.2/255.255.255.248 which will bind to 192.168.10.100To perfom this I can create a destination rule FROM TO Source Destination Destination Translation Address (Static)Untrust--&g...
We have an existing GP setup and it's working, but the IP Pool is set to a range of IPs 192.168.10.10-192.168.10.100 instead of a subnet 192.168.10.0/24. I want to either expand the range or change it to a subnet. I tested this by expanding the range to 192.168.10.5-192.168.10.150, but clients that got an address in the newly expanded range ...
Hello -I've set up SAML and by all accounts it looks like everything is working fine. In the Monitor > System logs I see four different events: saml-client-redirect, saml-idp-activity, saml-signature-validated and finally auth-success. The issue is this:I click on "Use Single Sign-On" > (same result with/without optional Username) Continu...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |

