Why would new span port all of a sudden stop traffic between zones from flowing (no logs at all)
Why would new span port all of a sudden stop traffic between zones from flowing (no logs at all) works after span is rule is disabled.
Why would new span port all of a sudden stop traffic between zones from flowing (no logs at all) works after span is rule is disabled.
I added the Device yesterday to Panorama and everything was fine. Logs were shipping to Panorama from device as expected and at about 9:50 PM, I see a stop in the logs so I assume the device became disconnected at that point. From the device I can ping the Panorama so connectivity is there. No changes were made last night. What else can I check?
Hi,I am currently investigating the possibily to add an extra layer of protection on our GlobalProtect Clients.Currently LDAP authentication is used but I want to add an extra layer on top of this by using a certificate handed out to each user.As we do not have that many clients I figured I might as well have the PaloAlto Firewall hand these ou...
Hi, I have 2 PA500 (7.1.5 PAN-OS) In Active-Passive HA and since I upgrace from brighcloud to PAN-DB I have lots of mails complaining about "Failed to sync PAN-DB to peer: Peer user failure." I see that not all atemts to update de passive device fail, but 3-4 a day fail for some reason. Since the update is successfully in most of the atempt it's...
hello.we have virtual applaince.and we want to increase disk size for our virtual appliance for logging i did everything as described here https://www.paloaltonetworks.com/documentation/70/virtualization/virtualization/set-up-a-vm-series-firewall-on-an-esxi-server/add-additional-disk-space-to-the-vm-series-firewall but when i turn on the Virtial...
Is possible to block all SSL versions and configure TLS only access?
Can you create a security rule that allows access from a specific IP address/laptop to a specific URL address? No we do not have the licensing for URL filtering
Hi all, The company have many PA-500 in HA configuration across the globe, configured by the U.S. team. After upgrade to PanOS 8.0.4, 2 of them are sending alerts like "SYSTEM ALERT : high : User Group count of 16## exceededs threshold of 1000", each of different country and small difference in user group count. I checked the "Group Mapping Sett...
Hello -- I did a manual install of Minemeld on Ubuntu 14.04. That is working in the default setup. The miners are working and there is data in the inboundfeedhc feed. Nothing in the LC or MC feeds. When I try to add the url of the inboundfeedhc as a External Dynamic List in our 3020 w/ v7.1.11 PANOS, it always says: I found an article about tur...
Hi I got a new internet connection through router, the firewall-router connection use private subnet, but I got a public subnet from provider which I will route to the firewall private IP.Since I will configure SSL-VPN, then I have to assign the external firewall interface public IP address so users can access for SSL-VPN setup. Now can I config...
Hi,We are using syslog forwarding to SIEM system from our PA. Logs were in this format: 1,2017/09/06 23:59:59,007100001147,TRAFFIC,end,0,2017/09/06 23:59:59,X.X.X.X,Y.Y.Y.Y,0.0.0.0,0.0.0.0,Firewall To NTP,test\paloalto,,dns,vsys1,Inside,Inside,ethernet1/1,ethernet1/1,Q-Radar,2017/09/06 23:59:59,79361,1,42407,53,0,0,0x4064,udp,allow,409,176,233,4...
Hi All,I have a scenario where i would like to block users on the basis of os they are using. Example, if someone is using OSX, they should be blocked. Any suggestions if that can be achieved. Kind regards Imran Brighton UK
Hi All, Im trying to setup a L2TP/IPsec VPN behind our PA FW, using RRAS.I have allowed application ipsec and i can see that port 500 and 4500 are being allowed when i attempt to connect.I have also set up NAT rules for ports 500,4500,1701 from untrust zone to untrust zone destination translation internal RRAS server. when I try to connect to th...
I keep going through the steps for LDAP auth for admin access and keep getting this generic invalid username and password. I can browse the group mapping tree so I know the communication is there, I have verified my security group is in the allow list, and still just this generic invalid message. The test authenticaion commands from the 7 guide ...
Hi, I'm an IT for a enterprise company and one of my users are tired of getting discovery notifications from the Palo Alto client. Basic windows blocking don't work and I found this site from Palo Alto that is 404. https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/set-up-the-globalprotect-infrastructure/cu...
| User | Likes Count |
|---|---|
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 |

