About trevor_debeer

Many thanks for this answer - it certainly clarifies or me how one would implement a comprehensive security strategy using the Palo Alto product set. I will definitely be looking at implementing Prisma for the network segmentation requirements and Cortex XDR for real-time operational security. The combination of both products will certainly meet our needs to provide all the functionality we currently use Trend Deep Security for. ... View more

I am not a current XDR user, but am looking at it as a replacement for Trend Deep Security. The accepted solution implies that XDR provides a firewall for Linux endpoints, but then goes on to talk about the solution providing a better alternative to managing Windows and Mac Firewalls separately, with no mention of the Linux Firewall. It is my understanding that Cortex XDR does not provide a Linux endpoint firewall and there is no roadmap to do so. Please can someone correct me if I am wrong. I realize that this comment does not answer the question in any way, but the following might: I absolutely agree that managing the firewall using a better tool than Microsoft's GPO is desirable, however again the accepted solution implies that a GPO cannot be applied based on Active Directory Group membership. This is not strictly accurate, although I will admit it is a highly challenging undertaking. I would recommend using the Cortex XDR Firewall instead of the Windows Firewall, purely to simplify your operations. ... View more

I had to reduce the interval and increase the threshold (2 secs and 1000 IPs worked for me and should be good for most scenarios). This way you won't drop normal traffic, but anything firing up more than 500 connections per second to different servers using the same port will get dropped. ... View more