IP blocked then allowed

Hi, 
I'm reviewing a logs regarding a low reputation IP which in the first log it's action is dropped, and 5 minutes later 3 logs with action allowed. Why does it dropped then allowed it?

Logs

category: spyware

action: dropped

Threat Name: CobaltStrike

XFF

hi.

It's not really a big deal, but when using URL-Filter Logging, would it be possible to log  X-Forwarded-for X-Forwarded-for if the HTTP Request Method is CONNECT?

Is there any documentation or support for this?

Thank you.

Please kindly repl

PA-410 bug - disable-predefined-reports

PA-410 running PAN-OS 11.1.0. This firewall had been upgrade from 10.2.latest to 11.1.0.

After making an unrelated change to mitigate CVE-2023-48795, validate fails with:

Could not get schema node for xpath /config/devices/entry[@name='localhost.lo

Strata Sales training guide

Hi team,

I m new in the system as a sales solution specialist i see the Prisma SASE and Prisma cloud having the proper sales pre sales post sales guide to understand the in depth product where i came to strata there is no Sales guide i found can an

Cannot change action for special Threat ID

On our 5410 with PANOS 10.2.7-h3 installed I can see a lot of threats with ID 89953 (Inline Cloud Analyzed Unknown-TCP Command and Control Traffic Detection), severity = high, default action = alert.

I want to change the default action via Anti-Spywa

Palo alto Credits Problem

I have a problem when quoting credits. I get the following message:

"There is no Software NGFW Credits product on this Quote, the Credit Estimator is not needed."

Could it be a website problem?

thnks.

Sending traffic logs with Syslogs (UDP) from PA-440 -> Collector Server in Azure -> LimaCharlie organization not working

I am trying to send Syslog from my PA-440 to a LimaCharlie organization.

This is the setup

PA-400 --Syslog--> Virtual Machine in Azure running Ubuntu with LimaCharlie Adapter --HTTPS--> LimaCharlie.io

This is what I have done in the PA-440

Intra Traffic between hosts of isloated vlan

Hello,

We have two host part of same zone [vlan] but set up as isolated VLAN on switch.

The uplink of switch is connected to FW Zone.

And I am wondering whether a pre or post is necessary to allow intra traffic between these two hosts living in a iso

Global Protect with Entrust Radius Server

Has anyone ever worked with integration Palo alto firewall with Entrust Radius server for authentication users for Global Protect? I have a few questions.

US Government / DoD Conttract

Is there a mechanism to add purchased devices to a pre-existing government contract?  I would assume PA runs a DoD contract similar to Cisco, wherein devices used by the DoD can be added to a contract vehicle of some sort to receive software/hardware

PaloAlto Firewall Vsys

Dears

i have an 2 no's of physical PAN in HA and in multiple vsys that are splited as an internet firewall and DC Firewall,  can i know the disadvantages for the same. can i know the firewall resources are shared example CPU, RAM, if an CPU or RAM co

How to create Custom Application Signature to identify WebRTC Application with Cisco Meeting Server

A Custom App-ID allows you to do two things:

1. Create pattern-based signatures for traffic that doesn't match any of the pre-defined application signatures.
2. Create a Custom Application for use in an Application Override Policy to override a pre-define

PBF Rule Monitoring - Forced egress i/f?

I have a dual ISP configuration.  ethernet1/1 is primary Internet.  ethernet1/2 is backup wireless Internet (phone or dedicated hot spot as needed).  ethernet1/2 is connected to an old Linksys router running DD-WRT and it automatically connects to my