XFF

hi.

It's not really a big deal, but when using URL-Filter Logging, would it be possible to log  X-Forwarded-for X-Forwarded-for if the HTTP Request Method is CONNECT?

Is there any documentation or support for this?

Thank you.

Please kindly repl

PA-410 bug - disable-predefined-reports

PA-410 running PAN-OS 11.1.0. This firewall had been upgrade from 10.2.latest to 11.1.0.

After making an unrelated change to mitigate CVE-2023-48795, validate fails with:

Could not get schema node for xpath /config/devices/entry[@name='localhost.lo

Strata Sales training guide

Hi team,

I m new in the system as a sales solution specialist i see the Prisma SASE and Prisma cloud having the proper sales pre sales post sales guide to understand the in depth product where i came to strata there is no Sales guide i found can an

Cannot change action for special Threat ID

On our 5410 with PANOS 10.2.7-h3 installed I can see a lot of threats with ID 89953 (Inline Cloud Analyzed Unknown-TCP Command and Control Traffic Detection), severity = high, default action = alert.

I want to change the default action via Anti-Spywa

Palo alto Credits Problem

I have a problem when quoting credits. I get the following message:

"There is no Software NGFW Credits product on this Quote, the Credit Estimator is not needed."

Could it be a website problem?

thnks.

Sending traffic logs with Syslogs (UDP) from PA-440 -> Collector Server in Azure -> LimaCharlie organization not working

I am trying to send Syslog from my PA-440 to a LimaCharlie organization.

This is the setup

PA-400 --Syslog--> Virtual Machine in Azure running Ubuntu with LimaCharlie Adapter --HTTPS--> LimaCharlie.io

This is what I have done in the PA-440

Intra Traffic between hosts of isloated vlan

Hello,

We have two host part of same zone [vlan] but set up as isolated VLAN on switch.

The uplink of switch is connected to FW Zone.

And I am wondering whether a pre or post is necessary to allow intra traffic between these two hosts living in a iso

Global Protect with Entrust Radius Server

Has anyone ever worked with integration Palo alto firewall with Entrust Radius server for authentication users for Global Protect? I have a few questions.

US Government / DoD Conttract

Is there a mechanism to add purchased devices to a pre-existing government contract?  I would assume PA runs a DoD contract similar to Cisco, wherein devices used by the DoD can be added to a contract vehicle of some sort to receive software/hardware

PaloAlto Firewall Vsys

Dears

i have an 2 no's of physical PAN in HA and in multiple vsys that are splited as an internet firewall and DC Firewall,  can i know the disadvantages for the same. can i know the firewall resources are shared example CPU, RAM, if an CPU or RAM co

How to create Custom Application Signature to identify WebRTC Application with Cisco Meeting Server

A Custom App-ID allows you to do two things:

1. Create pattern-based signatures for traffic that doesn't match any of the pre-defined application signatures.
2. Create a Custom Application for use in an Application Override Policy to override a pre-define

PBF Rule Monitoring - Forced egress i/f?

I have a dual ISP configuration.  ethernet1/1 is primary Internet.  ethernet1/2 is backup wireless Internet (phone or dedicated hot spot as needed).  ethernet1/2 is connected to an old Linksys router running DD-WRT and it automatically connects to my

Traffic Log - What's the difference between the "Type" field and the "action" field

While investigating and navigating in the Traffic Log, I noticed for some traffic the Type is Drop and the Action is Deny, While in some traffic, the Type is Deny and the Action is Reset Both.

The Security Policy Rule is configured with the Deny

Internet is not reachable

Hi We have a pa-850 in our site and the issue is when i try to ping isp side ip , i am able to get ping  response. 

But when i use command ping source <eth1/1 ip configured with isp range usable ip>  host google.com

i am not able to get  any  respons