Suspicious Packet with MAC address all zeros

Hi All,

I monitor networks for my client, recently I discovered some suspicious outbound traffic from internal to a known malicious host, although the packet was dropped on the PA. the logs I have showing that the packet's source IP as the internet's

Setting Up MS DirectAccess

Trying to configure DireectAccess (Windows Server) to work but I believe it is failing due to the Palo Alto. I created a custom application and application override for the ports needed but still failing. Per a Microsoft Document, "the firewall has t

Virtual Wire + vPC

I’m considering the following  ( Active / Passive Virtual Wire + vPC ) configuration in my primary Datacetner. I really don’t want to lose the current vPC redundancy that I have in place today. Today I can cut, unplug, power off, kick, shutdown, and

Setting up Policy to allow all access to a squid proxy

Hi

Still a beginer with the PA.

I have a universal rule that allows from 

any zone 

my internal ip address

to 

ip address group that has by proxy addresses in it.

For applicaiton I have 

http-proxy - this covers a lot of ports

default urls

from my test  

Double NAT

Hi!
we have a couple of customer who use paloalto firewalls. We have always problem to connect two accesses through NAT via paloalto. We usually use cisco meraki and the communicate on the higher port numbers. It always work when we have one site that

Scripting

Who can provide me with a from scratch python script to create a new firewall rule? Im not looking to use pandevice or any of Palo Alto modules on github (my compnay will not allow us it import and use it.) Looking of a script that doesn't use pandev

PA-500 SSL decryption decrypt-error session end

I apologize of this is a dumb question as I know that some sites will have decyrption issues, but is it normal to have a lot of traffic log entries with decrypt-error as the session end reason?

None of our users are complaining that they can't get to

Getting the user activity report to sort by username not time

Hello,

I am wondering if there is a way to get the standard User Activity Report to be formatted by grouping by Username not the time of each event. I can get a custom report to group by user but it is not as nice as the User ACtivity Report.  We're

GP for many external clients

Does anyone have a good solution/setup for providing external clients with VPN access?  Not regular users/company employees.

We need to be able to provide these external clients access to different resources internally. IE webpages, server access usi