Next-Generation Firewall Discussions

PaloAlto Firewall and Cisco Expressway integration with NAT Reflection

In Cisco Expressway Series with Single NIC Deployment, the Cisco Expressway Core must be configured to point to the Fully Qualified Domain Name (FQDN) of the Cisco Expressway Edge, this FQDN must be resolved to the Public IP of Cisco Expressway Ed

Question regarding source NAT in S2S VPN

Hi All,

I need to create a S2S Tunnel to a customer. We need to reach 1 Server on their side (e.g. 192.168.100.1). The connection is needed from multiple Hosts from 2 different Subents on our Side (10.0.112.0/21 and 172.18.2.0/24). The customer does

PA-220 / PA-440 DNS

I am wondering if my server dies, can I host DNS on my PA-220 or PA-440.  This would be great and would not have to have physical box anymore.

I need to upload response page

I am currently in the process of planning to upload a custom webpage to my Palo Alto device. However, I would like to automate this process through an API call. I have the HTML content for the webpage stored in a variable and I would like to upload i

Can I use a certificate from another device in my decryption policy?

Hi

I plan to apply Vunerable Protection to the customer's firewall and at the same time decrypt outbound traffic.

However, the customer's network environment already includes encryption and decryption equipment.

And the customer wants to apply the

Block Surfshark VPN

Hi All,

We have a block for Proxy Avoidance and Anonymizers on our DMZs. But we are able to see that the users can access Surfshark VPN on our SDWAN.

Also, I am unable to see any logs on the firewall.

Could anyone please help me on how we can b

PAN-OS-11.1.2-h3 - No incomming traffic after upgrade

Hi,

We recently upgraded our Palo Alto 1410 Firewall to PAN-OS-11.1.2-h3 from PAN-OS-11.0.4-h1.

After Upgrade there was no incoming traffic from external networks. There were no hits or logs showing incoming traffic.

Internet Outbound traffic was g

I am curious about the processing method in terms of hardware architecture.

Hi

I recently compared the H/W architecture of the PA-3200 series and the PA-3400 series and had a question.

Looking at the architecture below, it appears that N/W and Security Processing, which were previously separate, have been merged into o

error in placement of IPS diagram

this picture shows the IPS before the firewall  : https://www.paloaltonetworks.com/cyberpedia/firewall-vs-ids-vs-ips#ips

BUT in the matrix below
you state that an IPS is: 
 Positioned right after the firewall, before the internal network.

Thanks for the

CPU issues on PA-3410

Hi Team,

Need some help with respect to below query:

Issue - We are using PA-3410 in our environment. We are monitoring this device using Logic Monitor tool. Our monitoring team states that they monitors CPU and memory utilization for Palo Alto d

GlobalProtect portal allows a user to download the software without logging when we manipulate the URL

when we manipulate the URL and change the path of URL:

       Form:

                https://{IP/FQDN}/global-protect/login.esp

      To

                https://{IP/FQDN}/global-protect/getsoftwarepage.esp.

 it's return the download page, please can