Resolved! Expressway-E and C and NAT and VW
Hi, I have deployed Expressway (cisco ToIP) E and C as per the diagram below .PA is in VW mode .Does it work without any changes in the PA ? Or Is there any policy must be created ? Thanks
Hi, I have deployed Expressway (cisco ToIP) E and C as per the diagram below .PA is in VW mode .Does it work without any changes in the PA ? Or Is there any policy must be created ? Thanks
I would like to know the CLI command to retrieve info of security policies which have p2p applications left allowed. Idea is to find out on all sites and block it.
Hi, I have a rule for Panos syslog miner to block FTP brute force login attempt that is not working. I suspect this is because the threat_name has a colon in it, and is not being parsed properly. This is what my rule looks like: conditions: - type == "THREAT" - log_subtype == "vulnerability" - severity == "high" - src_zone == "WAN" - dest_...
https://mail.yahoo.com (web based email) and https://web.tresorit.com (online storage and backup) are both blocked via url category filter as per screen shot. But... I am only getting the response page for mail.yahoo.com.web.tresorit.com just gets page cannot be displayed. the policy is working as expected but i need the response page for the ...
Hello, A and B question: A. We have two Palos in A/S. The active has a functioning IPSEC VPN tunnel terminated to it. Is there any way to have the tunnel renegotiate to the S when it becomes A? B. What is the proper way to design an A/S PA/Nexus 7k VPC environment, to best utilize the advantages of VPC technology? Thank you
In the wake of the success we had at the Live Community booth at Ignite2017, I'd like to start a new tradition and what better time to have a little fun than Halloween? So I'd like to challenge you guys and girls of the Live community to either flaunt your 1337 h4x0r skills at integrating into something odd/fun/weird, or just be quirky and try f...
I am running PAN OS 8.0.7 and having a problem with getting the members of a group enumerated by the firewall. The group is shown by the firewall in the GUI and can be added to security policies, and the CLI if I run the "show user group list" command, I can see the group in the list that I have added to the Group-Mapping settings.The problem is...
Hello guys, I have a PA820 in active/passive mode who has a strange behaviour. I have created a rule that permits that traffic but the device drops it. I see "allow"in the logs, but with a capture I can clearly see the SYN in the dropped section and not "syn/ack" and "ack". I have also tried to put an "any/any" rules, it matches but the behaviou...
Hello Community,Since the security advisories were released yesterday, we are looking to upgrade to the newer version. Has anyone experienced any issues with 8.0.6 from 8.0.5 that are not in the release notes? https://securityadvisories.paloaltonetworks.com/ https://downloads.paloaltonetworks.com/software/PAN-OS_8.0.6_RN.pdf?__gda__=1512621490_...
Dear Community, I hope you are doing alright.We are in process of renewing our firewalls and I would like to test-deploy latest version of the Palo Alto VM-Series 500 on VMware vSphere Hypervisor (ESXi). Could you please let me know how I can the following?Obtain the OVA packages needed for deploymentObtain a test license for PA's trial periodWh...
Hi, We have two devices in HA, we realized that active node has a certificate (captive portal) but the passive not. The configs are synchronized but the passive doesnt have this certificate. We tried to export this certificate from node active and import in node passive, the proccess is done properly but the certificate is not showed. Why the pa...
Hello Everyone, I have spun up the ubuntu VM with the MineMeld iso. This system is behing a firewall. What IPs/URL's does this system need to have access to? Thank You, Scott
Hello According to https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/PAN-OS-exposure-to-ROBOT-attack/ta-p/192397For complete protection, signature #38407 must be applied upstream from any interfaces implementing SSL Decryption, or hosting a GlobalProtect portal or a GlobalProtect gateway. I have 760 content update applied. I try...
I am trying to design the edge firewall and core network currently and I have a core Layer not in a "stack" or "VSS" so they are independent Core switches. They are doing the routing to the private WAN, and will be doing the routing to the Edge Firewalls. ECMP requires a dynamic routing protocol which usually you wouldn't run on an edge firewall...
Is it necessary to have userid enabled on the VPN zone interfaces to see the userids?
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |

