Threat Logs

When looking at Threat Logs, I see the action is reset-both or drop. What action should I be taking with these? Anything?

Firewall creates seperate sessions for C2S and S2C

Hi folks,

I was troubleshooting SSH connection and want to know if I missed something.

The topology is following:

Client ---> PFSENSE <====ipsec tunnel ====> PA VM ==== ipsec tunnel ==== AZURE ---> Server

Client tries to establish SSH sessio

SDWAN BGP over pre-existing BGP internet.

Hi Guys. 

We're deploying SDWAN in a customer who already has two ISPs connected in his hub, and talking BGP ECMP with them, using his public ASN and his own prefixes.

According to documentation, the SDWAN plugin requires the same BGP Router ID and A

Debug process LDAP User-ID

Hi all,

I am learning about Paloalto, however there are some parts I still wonder about, the process of checking accounts and mapping accounts with palo's ip. Is there any way for me to debug and see this process clearly? Currently, I can debug the L

Sd wan for dual Isp

Hi can anybody suggest me the step for configuration of dual ISP in palo alto. If primary goes down secondary will automatically has been up. My primary link is lease line with static ip and secondary link is brodband on DHCP. So kindly tell me how I

How to solve the Administrator Certificate-Based Authentication with issue of Redirection to prompt the username and password

The Certificate-Based Authentication for administrators to access the firewall through the web interface transparently authenticates the admin with a client certificate instead of prompting and entering manually the username and password.

The Clien

postfix server nat rule on panos -9.-0.4

Hello ,

I cant update panos ,

i want simple bi-direction nat configuration

i have rocky9 as a web,mail,dns server on kvm

what is best nat rule sequence to work mail server correctly

(after change nat rule sequence i am getting varity of erros  )

i a

pan-pa-80

I would like to know if we buy pan-pa-80 firewall, what license are need to be purchased in order to have a web filtering, malware attack, 

And what is the purpose of GlobalProtect subscription year support. What support services it carries 

User-ID validation after upgrade

Hi All, 

Commit error<mlav-engine-urlbased-enabled unexpected here> after upgrade version to 10.2.10

we upgrade pa-5220 version to 10.2.10 ，and then meet a commit failed as below，anybody have same question and anybody could give me some suggestion？

Validation Error:

profiles -> url-filtering -> STD_UF -> mlav-engine-urlbased-enabled unexpected here

What is the RAM for PA1420, PA3430? Do they have at least 128 GB Memory ?

Hi,

Kindly i would like to ask, What is the RAM for PA1420, PA3430? Do they have at least 128 GB Memory?

I can't find this is in datasheet or hardware architecture.

Thank you.

Unable to Apply Group based Security Policy

Hello Team,

We have successfully integrated LDAP with the Palo Alto firewall, and user-ID mapping via the user-ID agent is functioning as expected. We are able to use LDAP users in the security policy without any issues. However, when attempting to

Wrong categorization of traffic to icmp,tracert and communication break for web traffic

Hi team,

We facing issue with PA firewall that, traffic from browser or application categorized to ICMP related and match to ping enabled rule in mass.
Due to this, return traffic of the TCP session drops and application communication interrupts int

migrating from 5220 to 3440 - 40 G interface question

Ports 21 and 22 on the 5520 device, which are 40G interfaces, are currently in use. We need to migrate this device to the 3440 model. However, on the 3440, I don't see a specific 40G interface listed. Instead, the documentation suggests using ports 3