About KdG-Netadmin

KdG-Netadmin · ‎01-26-2022

Hello, We have this problem too. I already excluded more than 50 of these WGeneric virusses :(. A few times we reported the false positive to TAC through our partner, but we have to follow article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm3aCAC . It just takes too much time to collect the data, start a case, .... And this on top of the case I have with my end user. It would be a great relief if we could exclude this entire category of viruses (at least the new signatures in this category), because it triggers too much false positives. Regards

KdG-Netadmin · ‎11-30-2015

Thank you for your clear answer. Stefan

KdG-Netadmin · ‎11-27-2015

Thank you for your reply. Very interesting document. There is no way to solve this on the company firewall only? Subnet 10.0.0.0/13 is a subnet of a remote router in our network, it's not a subnet of the firewall itself. As a test I tried to make NAT rules for client 10.0.1.86 with server 10.202.20.20 on our company firewall: Source NAT rule for the incoming traffic to our company: source zone = vpn; dest zone = trust; source ip = 10.0.1.86, dest ip = 10.202.20.20; source translation = static ip / 10.207.218.5 / not bi-directional and a destination nat for the outbound traffic source zone = trust; dest zone = vpn; source ip = 10.202.20.20; dest ip = 10.207.218.5; dest interface = tunnel.5 / dest translation = 10.0.1.86 When I run a Packet Capture on interface tunnel.5, I only see (icmp) packets coming from 10.0.1.86, but I don't see anything in the policy log. Can someone explain this to me? Thanks!

KdG-Netadmin · ‎11-27-2015

Hello, We're trying to build a Site to Site VPN connection with an other company. They are installing software on two of our servers (10.130.0.100 and 10.202.20.20) and they need the VPN to automatically transfer configuration and other files. The VPN-link is active but we have a problem with overlapping subnets. They use subnet 10.0.1.0/24, but we also use that subnet in our network. I have little experience implementing NAT. Is it possible to use a NAT-rule on our PA5020 that translates the 10.0.1.0/24-subnet adresses from the other company into a 10.207.218.0/23 IP? I already created a route in the PA to route traffic to 10.207.218.0/23 into the tunnel.5 interface. Can someone explain me in detail the NAT-rule (and other policies, routes) I have to create? Thanks, Stefan

KdG-Netadmin · ‎10-07-2013

Hello, We want to use wake on LAN in a vlan attached to a layer3 interface on the firewall. The magic packets are sent from a server outside the vlan to the broadcast address. I allowed WOL-packets in the firewall policies, and I see them in the logs, but the computers don't start. Do we have to configure something else in the firewall to allow ip directed broadcasts like we have to do in our cisco L3-switches? Thanks, Stefan

Member Since	‎11-28-2012 02:07 AM
Date Last Visited	‎06-20-2022 10:34 AM
Posts	5

Online Status	Offline
Date Last Visited	‎06-20-2022 10:34 AM

About KdG-Netadmin

Re: Threat Log False Positives

Re: NAT and site to site VPN

Re: NAT and site to site VPN

NAT and site to site VPN

IP Directed Broadcast

Re: Threat Log False Positives

Re: NAT and site to site VPN

Re: NAT and site to site VPN

NAT and site to site VPN

IP Directed Broadcast