This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

About SThatipelly

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SThatipelly
‎09-09-2022
since ‎08-03-2017
L4 Transporter
User Activity
User Profile
Latest posts by SThatipelly
View All
User Badges
Community Statistics
Member Since ‎08-03-2017 01:42 PM
Date Last Visited ‎09-09-2022 08:51 AM
Posts 228
Total Likes Received 11

Panorama-shared objects

by in General Topics
‎06-08-2022 08:16 AM
‎06-08-2022 08:16 AM
I am just setting up a panorama with 25 managed firewalls. How can I have shared objects that are only shared between few firewalls but not all? My perimneter firewalls have huge number of objects which I would not like sharing with other remote firewalls but to some datacenter firewalls. how can I achieve this?   Thanks. ... View more

log at session end?

by in General Topics
‎09-21-2021 11:56 AM
‎09-21-2021 11:56 AM
I have around 500 policies having 'log at session end' enabled and 'log at session start' disabled. I know Palo recommends logging at session end only but I also have a concern that for eg. a malicious file export that lasts for 8 hours and 10gigs go unnoticed if the session wasn't logged at the start. I am in a dilemma to enable the logging at start or not. Please shed some light on this. Thanks. ... View more

Re: Ineffective IP spoofing protection

by in General Topics
‎06-28-2021 01:49 PM
‎06-28-2021 01:49 PM
Yeah, I think I'm left with that one option only for now. Sorry for not wording the question properly. Thanks so much for your help.   ... View more

Re: Ineffective IP spoofing protection

by in General Topics
‎06-28-2021 01:03 PM
‎06-28-2021 01:03 PM
Nope, they are in same IP range and subnet. My Outside interface is a /24 which hosts the public routers and public IPs for the DMZ servers. This is what throwing me off on the protection steps I need to take.   Should I simply put in a rule saying that traffic from all but few 1.2.3.x should be blocked to 1.2.3.0/24 on firewall? ... View more

Re: Ineffective IP spoofing protection

by in General Topics
‎06-28-2021 12:24 PM
‎06-28-2021 12:24 PM
@vsys_remo I greatly appreciate you taking time to test this. I see that is working just as described which is great however I have a concern here. So, some of my DMZ servers are in that public IP range and also a neighboring public router(outside the firewall) that has the  IP in that same public IP range. so, let's say there is a packet from that public router(1.2.3.10) destined to SNMP server(1.2.3.80). Does the IP spoofing prevent that traffic? if so, is there a way I can exclude that rather than putting in an additional security policy? ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎09-09-2022 08:51 AM
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks