ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
Hi Matt, Try using /32 as the netmask for any additional IP addresses. For example if you want to assign lets say 172.16.5.2, 172.16.5.3 and 172.16.5.4 to a single interface, you would add: 172.16.5.2/24 <- using the correct netmask here 172.16.5.3/32 172.16.5.4/32 This worked for me. Hope this helps...
... View more
Hello, I have 2 networks in 2 different security zones. I have been trying to set up the firewall (PA-500) to allow only icmp echo request (ping), which is an icmp message number 8 and 0 between the two networks. When using predefined application called "ping" it allows other traffic and not just the icmp ping. I have also tried to create a custom application rule that would define icmp message number 8, but it does exact same thing as the predefined "ping". The rule would look like this: Name Source Zone Destinatio Zone Source Addr Source User Dest Addr App Service Act Profile ICMP Ping between Zone1 Zone2 any any any ping any none zones When I run tcpdump or such utility on Zone2 host I see also TCP and UDP traffic. The firewall Monitor tells me that this is the rule that allows the other traffic. This could be a potential security issue? Any suggestions would be greatly appreciated.
... View more