VLAN Interface, Zone and Security Rule

Hello guys.

always thank you for very helpful advice.

I have a question about VLAN Interface on Palo Alto Firewall.

As you can see below pictures, I made VLAN Interface and L2 Security Zone.

also I created security rule which allow internal

Allow SFTP downloads but block uploads

I have a use case wherein I am required to block SFTP uploads but allow the downloads.

I understand we can do this for FTP by creating a file blocking profile , but how can we do the same for SFTP.

PA-220 antivirus db will not show via manual or dynamic updates.

Hi all,

I have setup a PA 220 at home and have all licenses showing as functional.

I manually installed the apps and threats DB successfully. (it is seen under dynamic updates)

I manually installed the antivirus DB successfully. (it is not seen u

Multiple GlobalProtect profiles based on LDAP groups

I have tried multiple searches, but can't seem to find the answer that I am looking for.  I am migrating from Cisco ASA firewalls to a PA-440.  The PA-440 is running PanOS 10.1.6-h6.  On the Cisco we have multiple VPN profiles.  Each profile has acce

NGFW Application catagory

Afternoon all,

Been looking at an application called "SimpleHelp" - according to google ...

" it allows Any technician to log in using the following steps: Open your web browser and navigate to the technician address of your installed SimpleHelp se

how to know which informational level log related with hackers and invasion?

how to know which informational level log related with hackers and invasion?

when this can be found, how to deal with this kind of attack and informational log?

For example, in the past, smart install security incident , there kind of log are not

what kind of logs are security engineers looking for in palo alto ?

what kind of logs are security engineers looking for in palo alto ?

any tutorial and documents mentioned about these?

Unabe to import the custom url category in 10.2.x

While trying to import the custom URL category noticed the process is not happening. Showing us uploading but not happening. Seems it's a bug in 10.2.x.Same is working fine in 10.1.x

How does a firewall/vwire handle ethercode 0x0721

Hi,

we are currently setting up a clean pipe for Cisco ACI setup, so the intra-ACI traffic will pass the vwire, to have basic IPS inspection done.

Our setup is an A/P HA with a vwire.

Cisco is using Layer-2 ping with ethercode 0x721 to check, if th

Migration of PA FW of Different Model

Hi All,

Need to migrate 1xPA220 by 2xPA3020 and 1xPA500 by 2xPA450 with same configuration and connectivity. Can anyone help me what are the precautions i need to take to make migration successful.

Error when exporting using SCP

Hi community, 

When I'm trying to export a debug or dump file I'm getting this output:

          "scp: Failed to open file '/'.
           lost connection"

I tried this on PANOS 10.1.5-h1 and 10.1.6,

Is anybody facing this behavior?

Anyone else seeing ublockorigin.pages.dev and malware-filter.pages.dev being blocked in the phishing category?

This morning I noticed some hosts on our network were blocked from visiting ublockorigin.pages.dev and malware-filter.pages.dev because the URL filter categorized those pages as phishing. These URLs appear to be associated with the uBlock Origin adbl

How DNAT is working , Is DNAT configuration wrong ?

Hello world !

In my new company I saw a DNAT policy which is completely different from what I have learned yet. Can anyone help me with that. Below I am giving an example.

To make it simple suppose we have three zone INSIDE, OUTSIDE AND DMZ

To make