Going directly to the site from my browser, the request uses port 80 (web page blocked); when using Google search, the request uses port 443 and I receive "This site cannot be reached" "The connection was reset".
When you go directly to "shodan.io", which is categorized as a hacking site, the Palo will block that URL. When searching through Google for that site, then clicking on it, a reset page is sent; need to understand why? Is it considered a "threat" if Google makes the request? So the threat settings would be used instead of the URL Filtering Security settings? Would Severity settings come into play?
The session browser logs display BGP port 179 sessions trying to connect to the same destination peer address in 2 different zones, the correct zone and the captive portal zone. Is this normal? We are not using Captive Portal, but I do see it enabled under Device > User Identification > Captive Portal Settings.
My question would be: if Panorama is unavailable and we need to apply a new local rule on a firewall (to block something), how can we create this new local rule and move it above the Panorama managed Pre-Rules? Correct me if I am wrong, but any new local rules will be applied below all Pre-Rules and above the Post-Rules.
Under the URL category of "educational institutions" (set for alert) we are generating an enormous amount of logs identified with an application of “windows-remote-management”. I currently have modified that category to "allow", which eliminates all logging of that category. What I really would like to do is define the category back to alert, but define traffic identified with the application of “windows-remote-management” as "allow", hoping to stop URL logging only on the application “windows-remote-management”; all other traffic under the URL category of "educational institutions" would continue to log. Category would be defined as "alert", logs generated. An application under that category would be set to "allow", no logs generated. Is it possible?
I have worked on all Palo Alto models and it seems to me the log search takes much more time on 7050s than on other models. Currently we do not have expiration timeframes set for logging, only for the extpcaps file. Sometimes the log screen will refresh multiple times when using filters in my log search.