PA Unable to drop packets for Scan Host Host Sweep towards Internet

Hi

Can someone clarifies if it is a default behaviour on PaloAlto to allow scan host sweep towards Internet?

It is tagged as medium in Threat Prevention but the firewall unable to block it even though the profile is set to strick that block all Threa

Change to HTTP decoder

Did I miss a notice that the http decoder was being changed so that most of my rules based on the web-browsing app would break?  Nearly all of my web-browsing traffic is suddenly being identified as unknown-tcp.

I notice in the release notes for 646

Palo Alto deny All policy reason non-syn-tcp

Hi,

We realised our PA in version 7.0.6 is having any issue with the traffic. We see many traffic being dropped by DENY all rule (the last rule in the rule set). Looking in application we see "non-syn-tcp" in all the connections. 

These denies connec

Exceeding IPs in one list

Hi,

The miner Ransomware IP has > 10000 so I'am wondering how I could solve this issue. Should have some output feed that you can define to take a certain amount of IP's so you can map that on your hardware. And then create a second output that is

FTPES with dual ISP

Hi,

I'm trying to figure out how to get outbound FTPES working on our firewall.  I've gotten it partly working - I can establish a connection.  But we have 2 ISPs (load balanced via weighted round-robin) and the data channel isn't always using the sa

Forwarding streaming traffic to a second Palo

Hi all. We have two Palo 3020s, each connected to a different ISP. At the moment the 1st firewall handles all our LAN internet based traffic, whereas the second firewall is mainly used for our VPN connections. We're looking at forwarding streaming tr

Router or Firewall for S2S VPN

We are standing up a new data center and there is some disagreement about whether the Firewall or the Router should host the IPSec VPN. 

The Security Team  suggests the Firewall for a few reasons (Logging being the biggest)

while the Networking Team w

Captive Portal with Radius and groups of users

Hello

I'd like to consult with You one problem. My users authenticate with Radius on Captive Portal web page.

Problem that comes to me is how to assign access according to groups of users. My FreeRadius has only one group of users, I can add more but h

GlobalProtect with multiple sites

Hello all,

At my location we have 3 internet connections each at a different building. We have private and leased fiber inbetween so our entire organization is one internal network. At the internet connection points I have been replacing the Cisco A

Dispaying object name in traffic monitoring

Hi,

I would like to know if it's possible to display object name associated to each address in traffic logs. I cant find it in any columns but i'm wondering if there is another way to do it. In fact, we want to organise the logs to have a better visi

why do we update wf-content-version on WF-500 appliance

Dear Experts,

I was wondering that why do we update wf-content-version on WF-500 appliance, what is the reason for it. As I have configured WF-500 to generate the signature locally, what additional value will be added by downloading why do we update

NSX: Sync update from NSX failed! Dynamic IP updates might not be in Sync

Panorama version 7.1.6

PanOS version 7.1.6

NSX 6.2.3

I have successfully integrated Palo Alto with VMware NSX and have successfully deplyoed the service VM's and can successfully redirect traffic to the Palo Alto VM's.  The issue comes when trying to d