Can Palo use Akamai custom header (X-True-Source-IP)
Can we use the Akamai custom header (X-True-Source-IP) in lieu of an XFF header?
Discussions
Globalprotect clientless portal link persistence using SAML through cloud identity engine.
Hello,
Just wondering if someone can shed some light on link persistence when redirecting through Palo Alto cloud identity engine.
In our previous config which was Local user authentication based, an automatically generated link which would open a re
...Decryption exception issue - no SNI - SCN: chat.signal.org
Hi,
how to add following decryption error (ssl-forward-proxy) to exceptions?
- logs->decryption: dest address: ac88393aca5853df7.awsglobalaccelerator.com (shodan solves this ip /13.248.212.111/ also to service.signal.org; SNI - no value; SCN: chat.sig
...
Can we input address range directly to security policy source and destination
Hi,
In firewall version 8.1, Can we input address range directly to security policy source and destination?
Thank you.
Resolved! NGFW Telemetry Uploads Failing
We have been receiving critical alerts saying telemetry uploads on all of our NGFWs from all locations are failing since just past midnight EDT last night. The most relevant parts of the alert are:
type: SYSTEM
subtype: device-telemetry
eventid:
LACP load balancing algorithm
Hello Team,
Where I can find information about how traffic balance between physical interfaces in case when LACP used?
Can I choose balancing method in configuration (source/destination, MAC/IP Addr, L4 Ports)?
I found information about traffic distri
...Palo alto Implementation issue
Dears,
I'm Trying To implement Palo alto based on VMWARE ESXI Machine and i need to Take in place the Redundancy in Network Design.
The Image has been ttached which I am Trying to reach it with optimum solution Network Toplogy
What I can do In Palo A
...
Palo alto Implementation issue
Dears, I'm Trying To implement Palo alto based on VMWARE ESXI Machine and i need to Take in place the Redundancy in Network Design.
The Image has been ttached which I am Trying to reach it with optimum solution Network Toplogy
What I can do In Palo A
...
Resolved! Permit statement isn't capturing all the traffic
We have a school tied to our organization that's using a PA-850 and is running 10.1.6, and we're trying to get Battle.net working. After considerable troubleshooting, I put in a rule at the very top to permit the "zESports" zone to get to any IP on a
...
PA dropping certain MSSQL EXEC statements for no apparent reason
Having a weird issue with a remote client connection to over VPN to multiple internal MSSQL servers. A particular SQL EXEC query packet is getting dropped in the middle of an SQL session. Security ruleset allows the communication under a VPN to TRUST
...AD inntegration User ID agent Windows Server 2022
Have integrated Windows server 2022 with NGFW, but some users are not included in the appropriate rule.
Resolved! list of services that run on the Palo NGFW
Hi all. Does anyone have a list of services that run on the Palo NGFW that explains what each service does? From the CLI, I can do a "show system software status" and see all of the running services, but Id like to know what each does. Any help ap
...Firewall tries to close a BGP/TCP connection with switch
Hi,
The following problem involves a firewall (10.249.0.13) wanting to close a BGP connection with its neighboring switch (10.249.0.14).
The switch answers with a BGP NOTIFICATION message that contains 'No supported AFI/SAFI'. (separate issue)
...How to Create QoS rule based on user
Hello dear..
We have a network that includes an active directory on server, computers, and Palo alto firewall, so we need to create a Qos rule based on the user to give each windows user 2MB in both the Ingress/Egress interfaces on the Palo alto Firew
...
Copyright 2007 - 2022 - Palo Alto Networks