Using XFF for Logs Only

Hello,

I have an application behind a WAF, without XFF the source IPs are always my WAF and for auditing reasons I need to get and log the real client IP addresses.

Traffic flow is like this:

Client -> WAN -> NAT -> DMZ - App Server

My security

Multiple VSYS Lab

Good day!

Does anyone know how I can practice a multiple vsys? The VM-Series do not support vsys.

Thanks in advance!

LN

Prefix to Prefix NAT on Palo Alto Firewalls

Hello,

Can we configure prefix-to-prefix NAT translations on Palo Alto firewalls? Is there any easy way to do this?

For Example -

SRC - 10.1.1.0/24

DST - 1.1.1.1

SRC Translation to 10.1.2.0/24

SRC - 1.1.1.1

DST - 10.1.1.0/24

DST Translation to 10

How to Monitor Vsys and Subinterface status

Hi,

I would like to know is Palo Firewall able to monitor subinterface and vsys any status with SNMP?

Thank you

Captive Portal and Response Pages

hello 2 all,

i've a strange behaviour with my edge-palo-alto firewall:

we've enabled a captive portal on the inside (lan) interface with redirect, working as expected...

but when i enable the response-page on the outside (wan) interface followi

Security rule with URL category mixed up

Hello,

We have a weird rule in our Security Rules list.

Basically it's allowing any to any with some specific applications, but also a custom URL Category in "Service/URL Category" tab.

So normally it should allow only the traffic hitting the U

Blocking TLD mov and zip

Hello,

Was wondering if PA does this automatically or if it needs to be done manually - blocking TLD .zip and .mov?

We use the Advanced URL and DNS Security license as well.

Thank you.

Tenant ID change on NGFW

Hi all,

We have a set of NGFWs that somehow are pointed to an old tenant ID and therefor not dropping the logs into the CDL. We have put in a TAC case but haven't gotten any resolution as of yet. 

Is there a way in the CLI to change the tenant ID?

2 PA-850s and 1 PA-440

Hi,

I received a quote from a supplier for 2 PA-850s with Wildfire , Partner enabled premium support and GlobalProtect subscription.
Then for the PA - 440 - Wildfire , GlobalProtect , advanced Url filtering , advanced threat protection and premium supp

User-ID with Azure AD

Hey all, I've set up User-ID with on-prem AD servers a few times - quite straightforward.

My question is, how do I set up User-ID when my customer uses Azure AD (with no on-prem servers)? I need to someone get the user-to-IP mappings on the firewal

Palo Alto New User ID Agent Adding to Firewall

Hi All,

We want to add new User ID Agent to our Palo Alto Firewalls and remove the existing user ID Agent from Firewalls.

The reason is the current User-ID Agent is hosted on Window 2012 and we are going to decom that Window server.

We will install n

Palo Alto Site to Site IPsec VPN went down

Hi ,

We've setup Site to Site IPsec VPN between Palo Alto Firewalls. The tunnel was up and working but it went down after some time.

Look like the tunnel went down because there is no traffic passing through the tunnel. Everytime we need to trigger

VPN internet access

I have set my VPN access with no split tunnel so the users gets their internet access through the access through the VPN. Even though I cloned the security rule to the internet from the one used when you are onsite, it does not give the same access t