Hello,
I'm trying to run my first Terraform:
terraform {
required_providers {
panos = {
source = "PaloAltoNetworks/panos"
version = " 1.11.1"
}
}
}
provider "panos" {
hostname = var.panos_hostname
username = var.panos_username
password = var.panos_password
}
I'm trying to find out if it's possible with a Palo firewall to allow access from a DMZ machine to a windows share on an internal file server, however, I would like to allow access to a specific share. The file server on the internal network has sev
...
Hi team,
I require assistance with Pan-OS SD-WAN. Upon adding a device to the SD-WAN devices, I proceeded to create an auto BGP policy for a branch location. However, when checking the policy for the branch device group, I observed that it added 'z
...
I just upgraded PA-820 from PAN-OS 10.2 to 11 and when I try to access the GUI in Chrome I get the following error:
ERR_SSL_KEY_USAGE_INCOMPATIBLE
I can access an SSH command line session.
Suggestions on correcting this?
What kind of ways there are available to secure API access?
For the UI we can implement MFA to have more security here.
As both services run on the same port, using IP/Port protection on the firewall is not useful.
What ideas do you have to secure
...
I would like to validate if the below monitored traffic on our internal firewall is service-affecting. How can we address this dropped traffic?
How can we cleanup these alerts? The same alert is shown on another FW 3430. Is it a normal behavior of
...
An initial ask to see if anyone else has seen the same - last night at 23:59:58.000 we received our last syslog message from a stack of PAN-OS firewalls under management, on versions 10.1 and 10.2. Doesn't seem to be an issue with our logging server
...
Hello team:
From your support; by browser I get the following warnings "NET::ERR_CERT_COMMON_NAME_INVALID" subsequently ERR_SSL_KEY_USAGE_INCOMPATIBLE, this validating in chrome and microsoft edge. Consequently I do not login to the portal, but it is
NGFW Hi, Any idea if there is a tool to trace in PA5220 to check the un-detected open or allowed ports in rule policy.
For example from a source IP 192.168.x.x.x. to a destination public IP (web server) . In the service I only specify port 443 but u
...
Need support for software upgrade. Please advise, upgrade path and supported latest updates.
Current version: 9.1.13-h1
Model: PA-3020
Hi there
We would like to monitor the status of "Panorama Connected" of a PA-440.
I found the the correct SNMP Get OID for this case.
But when we enter a wrong Panorama IP, the OID String is still "connected":
27.02.2024 10:32:36 (7 ms) : Device:
Hi Folks,
I'm seeing some instances of "Received fatal alert CertificateUnknown from client" errors in the decryption log when the root\issuer certs are clearly in the FW's cert store. Attached are screenshots of the error and the FW's cert store.
...
My goal is to set up a DHCP server capable of allocating IP addresses according to the hostnames of client machines.
Here are the specific requirements:
We require the DHCP server to oversee three separate IP ranges.
For hostname-based IP assignment:
...
reaper
on:
Migrating to multi-vsys environment
TomYoung
on:
Making PA-820 quieter??
