ISP Failover with dual Dynamic Public IPs?
Hello,
I have two ISPs with Dynamic Public IPs. Is there a way to setup ISP failover?
Thanks,
Bill
Discussions
PA-5450 MGT-A and MGT-B Management Ports configuration
Based on the PA-5400 MPC Component Descriptions, the MGT-A and MGT-B management ports are bundled by default as a LAG:
"Two SFP/SFP+ management ports providing 1/10GE connectivity that are used to access the management interface. MGT-A and MGT-B ar
...Security Rule hitcount not incrementing, but traffic monitor shows rule being used on PA-850
Hi Community!
Recently I stumbled upon this weird behavior where a security rule shows 0 hit-count, but when looked under the traffic monitor lots of traffic is being allowed by that rule.
This is the rule in question (0 hit count marker):
This is
...
v-wire security newbie
we have a v-wire setup where we are controlling traffic to a secondary firewall w our 820. as its sitting between ISP and the site secondary firewall (sonicwall) we created a rule that negates all but some countries we do business with and that negat
...Resolved! Create Security Policy Allowing Access to Sharefile based on User while URL filtering is blocking "Online-storage-and-Backup".
We currently block access to Online storage using URL Filtering and make exemptions to online-storage sites like Sharefile using custom URL Category with list of URLs that we want to exempt. However, this setup lets everyone in the company have acce
...Resolved! Sync config between HA peer
If our fw ha group is managed under Panorama, is it necessary to sync config?, is it the best practices ?
Using Captive portal and Azure AD for user network authentication
Is there any documentation available on how to achieve this for general user network access? I assume the network has to be set up with a captive portal, but traffic to identity provider for SAML exchange need to be allowed even before the user gets
...Certificate revocation / OCSP not working
I've set up one of our PAs (a 5260 running 10.1.6-h3) to use as a certificate authority and OCSP responder for use with GlobalProtect remote access. I'm able to issue and verify certificates with no problem, but revoking a client certificate has no e
...Clientless VPN for SQL Traffic?
I have users at a development partner company who need to access a dev SQL instance. So they need TCP 1433 to one server. I would like to restrict access to their corporate public NAT IP and require that they use AD credentials. But it would be prefe
...Firewalls communicating to public IPs on Management Interface
We are currently seeing the Management Plane of our Palo Alto Firewalls communicating to the following IP-Addresses:
- 34.96.84.34
- 107.178.249.217
- 35.238.108.32
This communication occurs on different Platforms. We see more activity since PAN-OS 10, curr
...Resolved! Twice NAT of ASA FW , equivalent NAT rules on Palo Alto FW
Hi Experts ,
We have twice nat rules (nearly 608 NAT rules) configured on ASA FW and we are planning to refresh them with Palo Alto 5020 soon.Below is one the NAT rule of ASA FW.
nat (Internet,Inside) source static any any destination static h-19
...Bypass the url filtering
Hi everyone
Can bypass the url filtering by changing the URL in HTTP get request ?
For example
Firewall rule deny connect to url deny.com and allow url allow.com
User try to connect to deny.com with IP adress a.b.c.d, user add item the host file or usin
unknown traffic pcaps just stopped happening one day around 2 weeks ago
I have a PA-460 that stopped doing pcaps for unknown traffic about two weeks ago. I played around with the application dump setting and I think I may have broken something:
Application setting:
Application cache : yes
Supernode : yes
Heuristics : yes
Resolved! Connect Server Monitor Failure Logs repetition
Hello Guys.
Good day.
I've found about User-ID logs.
these logs are occurring from now.
How can I solve this problem ?
Should I Check AD DC Server ?
(Luckily, There are no CPU Load, Network Latency)
Aged-out traffic accessing a common web
Hi,
recently I am facing an aged-out case for a typical web site, reachable without any issue from 4G for example.
the traffic is not decrypted and after reading many articles I am running out of ideas.
Checking the session info I saw a mismatch b
...
- Sasikumari on: Network Security
-
BPry
on:
rulebase -> security -> rules -> permit_common 'permit_common' is already in use
-
TomYoung
on:
how to export security policy in json format
- ssovee on: Create security policy & move to top at a time
- marianneogorman on: Cisco ASA allowed Arp alias , can Paloalto do arp alias?
-
PavelK
on:
intrazone default
- sshivanandap on: provide temporary internet access for some systems at specific period(1day)
-
OtakarKlier
on:
Multiple L2 interface with same vlan tags
- akuzhuppilly on: SSH Proxy Bock Session with Unsupported Algorithm - What are the palo alto predefined unsupported SSH algorithm and version.
- JeremyGlaus on: Pn commit and push affect the local candidate configuration of the wall
Copyright 2007 - 2023 - Palo Alto Networks