EDL and FQDN ID Tools

Community,

I wanted to provide an announcement of a couple of open source tools that I have written and published for External Dynamic Lists (EDL) manager as well as a method for identifying domains in use for SaaS applications that can be used ind

Send File to CDL Receiver Failed

Hi all,

I have a PA-440 currently at 10.2.7-h3. 

After performing PAN-OS upgrade, there is an error on telemetry stating "Send File to CDL Receiver Failed". 

I found a similar article and applied the suggestion by retrieving the license key

HA1 Interfaces PA-1410 + interfaces dell

Hi PA-1410 comes with it's own rj45 ports for HA1-A and HA1-B. For HA2 it has a dedicated port that needs a SFP. My question is the following: Can we add 1 Gbps SFP fiber modules to the firewall and configure them as HA1/HA2 or is it mandatory to use

Licenses

Hello All,

Is there away i can get a free trail licenses for my own virtuall KVM lab in palo alto please?

i cannot add any devices to panorama unless i have applied licenses to the palo alto firewalls

any help i appreciated.

Regards,

SS

Testing nmap protection

I have a PaloAlto firewall in a virtual environment. I am trying to test my nmap protection rules and test the number of cps I should be using, but for some reason I cannot ping the interface I want to test my nmap on from an external machine. I can

spyware alerts for <something>.fmb.la

this just started popping up for DNS queries inside going outbound, my PA440 is dropping the packets as a spyware threat. This is quite a new development, probably last 24 hours.

Example action below:

name-of-threatid eq 'generic:com.fresh.fmb.la

Threat detections of "Canonical ksmbd-tools ksmbd.mountd ndrwritebytes Heap Buffer Overflow Vulnerability(94951)" in Windows server traffic

Anyone else seeing the following alerts:
tcp,alert,"gpt.ini",Canonical ksmbd-tools ksmbd.mountd ndrwritebytes Heap Buffer Overflow Vulnerability(94951)

But this is being detected in traffic between 2 Windows server, so it doesn't make sense. Seems t

How to check NAT IP over-utilized or not?

Hi Mates,

We have particular Source NAT based on IP address and want to understand if there is any way to check the current utilization of IP's for NAT. This might help to add more IPs to prevent from overutilized.

Thanks in advance.

Ankit

PA-850 Static NAT between 2 Switches

Hello all.  Looking for help here.  I am trying to create a static NAT between two switches using a vwire, but it doesn't seem to be working.  Can someone please provide steps on how to make this happen?  I do not wish to insert routers between the s

SMB share - Right clicking shared folder and selecting folder properties

Hi all,

We have observed an issue with an SMB share which traverses our PA FW.

The initial rule was setup simply such that the client was allowed to access the remote SMB share in the firewall rule base by use of the inbuilt ms-ds-smb application

Monitoring Subinterfaces with zabbix

I would like to ask if you have experience with integrating Zabbix and Palo Alto FW. I have an issue with graphs traffic on subinterfaces as it is not accurate compared to the port connected on the other end. For example, on the switch port, I see 20

USER_ID mapping constantly changing with Zscaler App

Hi Team,

We are facing an issue where PA user authenticated access from ZScaler app connect servers is failing intermittently.

Access through PA FW to a server network using user authentication is failing intermittently when connections are made

PaloAlto to Watchguard Site to Site connects but passes no traffic to parts of the Watchguard site.

Looking to see if anyone has come across this issue. We have setup a site-to-site tunnel to another location. We have a PA460 running 10.7.h3 and the other location uses a watchguard firewall with NetMotion for their Vpn clients. When we connected, t