System Alert opaque: failed authentication for user ''. Reason: User is not in allowlist. auth profile 'GP', vsys 'vsys1', From: "public IP"

Hi,

I've been receiving many system alerts with the message:

opaque: failed authentication for user ''. Reason: User is not in allowlist. auth profile '', vsys 'vsys1', From" "Public IP"

eventid: auth-fail

It looks like these public IP's are tr

Zone types | Interface Types | Tap mode | Virtual wire | Firewall Migrations

The series of IP Network Security from Beginner to Expert Both conceptual & Practical, has some fundamental topics we already covered in previous articles, today we will explain below topics

•          Interface & Zone Types
•          L2/L3 and Tap
•    

Many system event about "ha2-link-change" that made HA2 status was down from 23:02:35 (19/Nov/2022) until 17:29:11 (20/Nov/2022) ,HA2 status is Up

Hi Guys,

      During weekend I found many system event about 'ha2-link-change' on Firewall event that was generated more 1400++ events/periods and send more email notification.
This events was occurred for 2 periods that made HA2 status was down fr

Does VM Series-Trial Support VMware Workstation ?

HI Guys

I have registered and got a VM-Series Trial for 30 days from this link.

https://www.paloaltonetworks.com/vm-series-trial

I clearly understand that the guide says the Hypervisor Supported are VMware ESXI. But I want to use it in my VMware wo

Fortinet Pre-authentication Heap-based Buffer Overflow Vulnerability (CVE-2023-27997) is covered in Palo Alto NIPS Signature ?

Hi all,

Can I check with you the following Fortinet Pre-authentication Heap-based Buffer Overflow Vulnerability (CVE-2023-27997) is covered in Palo Alto NIPS Signature ?

If yes, May I know which released signature version and threat id is covered f

http-req-user-agent-header

Hello,

SSO is requesting to me to add a rule on policy to alert http request without user-agent (empty) on header.

i know I can use vulnerability by adding a condition when « http-req-user-agent-header » is equal to a regex. 
i tried to use the rege

Using XFF for Logs Only

Hello,

I have an application behind a WAF, without XFF the source IPs are always my WAF and for auditing reasons I need to get and log the real client IP addresses.

Traffic flow is like this:

Client -> WAN -> NAT -> DMZ - App Server

My security

Multiple VSYS Lab

Good day!

Does anyone know how I can practice a multiple vsys? The VM-Series do not support vsys.

Thanks in advance!

LN

Prefix to Prefix NAT on Palo Alto Firewalls

Hello,

Can we configure prefix-to-prefix NAT translations on Palo Alto firewalls? Is there any easy way to do this?

For Example -

SRC - 10.1.1.0/24

DST - 1.1.1.1

SRC Translation to 10.1.2.0/24

SRC - 1.1.1.1

DST - 10.1.1.0/24

DST Translation to 10

How to Monitor Vsys and Subinterface status

Hi,

I would like to know is Palo Firewall able to monitor subinterface and vsys any status with SNMP?

Thank you

Captive Portal and Response Pages

hello 2 all,

i've a strange behaviour with my edge-palo-alto firewall:

we've enabled a captive portal on the inside (lan) interface with redirect, working as expected...

but when i enable the response-page on the outside (wan) interface followi