Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

Multiple GlobalProtect profiles based on LDAP groups

I have tried multiple searches, but can't seem to find the answer that I am looking for. I am migrating from Cisco ASA firewalls to a PA-440. The PA-440 is running PanOS 10.1.6-h6. On the Cisco we have multiple VPN profiles. Each profile has access to only specific networks and/or hosts. When you initiate a VPN session, you select the sessi...

NGFW Application catagory

Afternoon all, Been looking at an application called "SimpleHelp" - according to google ... " it allows Any technician to log in using the following steps: Open your web browser and navigate to the technician address of your installed SimpleHelp server (http://<your server>/tech). Download and run the Technician application. Log in using...

how to know which informational level log related with hackers and invasion?

how to know which informational level log related with hackers and invasion? when this can be found, how to deal with this kind of attack and informational log? For example, in the past, smart install security incident , there kind of log are not crtiical level and not alert level some security event evidence can be any level of log

what kind of logs are security engineers looking for in palo alto ?

what kind of logs are security engineers looking for in palo alto ? any tutorial and documents mentioned about these?

Unabe to import the custom url category in 10.2.x

While trying to import the custom URL category noticed the process is not happening. Showing us uploading but not happening. Seems it's a bug in 10.2.x.Same is working fine in 10.1.x

How does a firewall/vwire handle ethercode 0x0721

Hi, we are currently setting up a clean pipe for Cisco ACI setup, so the intra-ACI traffic will pass the vwire, to have basic IPS inspection done. Our setup is an A/P HA with a vwire. Cisco is using Layer-2 ping with ethercode 0x721 to check, if the path is free or blocked. We have some issues with failovering and we doubted, that the L2-Pin...

Migration of PA FW of Different Model

Hi All, Need to migrate 1xPA220 by 2xPA3020 and 1xPA500 by 2xPA450 with same configuration and connectivity. Can anyone help me what are the precautions i need to take to make migration successful.

Error when exporting using SCP

Hi community, When I'm trying to export a debug or dump file I'm getting this output: "scp: Failed to open file '/'. lost connection" I tried this on PANOS 10.1.5-h1 and 10.1.6, Is anybody facing this behavior?

Resolved! Sub-interface and zone || IPSec tunnel with AWS

Hi Team, 2 queries. 1. I have 2 physical interfaces on which i have configured multiple sub-interfaces. say for eg eth1/7 - eth1/7.1, eth1/7.2, eth1/7.3 eth 1/8 - eth1/8.20, eth1/8.21, eth1/8.22. and my both physical and subinterfaces are in same zone - say trust zone. Now i have an urgent requirement and i cannot addup new physical in...

Anyone else seeing ublockorigin.pages.dev and malware-filter.pages.dev being blocked in the phishing category?

This morning I noticed some hosts on our network were blocked from visiting ublockorigin.pages.dev and malware-filter.pages.dev because the URL filter categorized those pages as phishing. These URLs appear to be associated with the uBlock Origin adblocker extension. Does anyone know why these pages are categorized as phishing now by Palo Alto?

How DNAT is working , Is DNAT configuration wrong ?

Hello world ! In my new company I saw a DNAT policy which is completely different from what I have learned yet. Can anyone help me with that. Below I am giving an example. To make it simple suppose we have three zone INSIDE, OUTSIDE AND DMZ To make destination NAT policy we have to define source zone and destination zone. As far as I know my s...

Resolved! How to best interpret blocked URL events for malware and C2

We recently started issuing a daily report from our PA-5220s detailing which hosts on our network were blocked from visiting certain URL categories of interest to us (malware, phishing, C2, ransomware) during the previous calendar day. I am the person on our team who scans those reports in the morning and decides which events to investigate. M...

HA Configuration with network provider router

Hello In case where I haven't switch between network provider router and our cluster of Palo Alto (Active/Passive), only a cable between router (eth1) and Eth1 of Active firewall, if the active FW is broken, the communication will be cut or not ? What is the best design to connect a sigle router of network operator to our FW cluster if we c...

Can Palo use Akamai custom header (X-True-Source-IP)

Can we use the Akamai custom header (X-True-Source-IP) in lieu of an XFF header?

how to allow NordVPN after done suggestion of BPA for advanced threat license

how to allow NordVPN after done suggestion of BPA for advanced threat license? I use flashrouter of nordvpn but page.asp can not load and even blank white page shown. I remove high risk and medium category blocking but can not solve PA220 configured C2 command and control traffic blocking but cannot find the reason of blocking and can not find w...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Multiple GlobalProtect profiles based on LDAP groups

NGFW Application catagory

how to know which informational level log related with hackers and invasion?

what kind of logs are security engineers looking for in palo alto ?

Unabe to import the custom url category in 10.2.x

How does a firewall/vwire handle ethercode 0x0721

Migration of PA FW of Different Model

Error when exporting using SCP

Resolved! Sub-interface and zone || IPSec tunnel with AWS

Anyone else seeing ublockorigin.pages.dev and malware-filter.pages.dev being blocked in the phishing category?

How DNAT is working , Is DNAT configuration wrong ?

Resolved! How to best interpret blocked URL events for malware and C2

HA Configuration with network provider router

Can Palo use Akamai custom header (X-True-Source-IP)

how to allow NordVPN after done suggestion of BPA for advanced threat license

In PAN version 9, public IP addresses and the VPN were accessible from the Intranet.

PAN-OS HA UGRADE PATH

Unable to find "Hide My IP" application on firewall (Applipedia shows it exists

HSCI port - amber blinking LED on both primary and secondary devices (5445)

Intergrations of External Dynamic Lists (EDL) with External Systems

Re: Unable to find "Hide My IP" application on firewall (Applipedia shows it exists

Re: Azure "az" command and decryption

Re: Azure "az" command and decryption

Re: HA failover on Acitve Passive concerns

Re: InPlace Upgrade Windowsserver with User ID Agent

Unlock your full community experience!

Resolved! Sub-interface and zone || IPSec tunnel with AWS

Resolved! How to best interpret blocked URL events for malware and C2