Hello All - Can I understand that Zone Protection Profile is to protect the firewall itself and DoS Protection Profile is to protect the servers and hosts behind the firewall from the Internet? Can I achieve DoS protection (for example, SYN flood attack) only by configuring a DoS Protection Profile that will be tailored with a Policy Rule with source and destination IP address?

Thanks in advance
regards/RB

My readings are below. But my question is not answered in the below, IMHO.

Zone Protection Profiles — Apply only to new sessions in ingress zones and provide broad protection against flood attacks by limiting the connections-per-second (CPS) to the firewall, plus protection against reconnaissance (port scans and host sweeps), packet-based attacks, and layer 2 protocol-based attacks. Zone protection defends network zones against flood attacks, reconnaissance attempts, packet-based attacks, and attacks that use non-IP protocols. Tailor a Zone Protection profile to protect each zone (you can apply the same profile to similar zones).

DoS Protection Profiles and Policy Rules — Provide granular protection of specific, critical devices for new sessions. Classified policies protect individual devices by limiting the CPS for a specific device or specific devices. Aggregate policies limit the total CPS for a group of devices but don’t limit the CPS for a particular device in the group to less than the total allowed for the group, so one device may still receive the majority of the connection requests. Denial-of-service (DoS) protection defends specific critical systems against flood attacks, especially devices that users access from the internet such as web servers and database servers, and protects resources from session floods. Tailor DoS Protection profiles and policy rules to protect each set of critical devices.

A DoS protection policy can be used to accomplish some of the same things a Zone protection policy does, but there are a few key differences:

A major difference is that a DoS policy can be classified or aggregate. Zone protection policies can be aggregate.

A classified profile allows the creation of a threshold that applies to a single source IP. For example, a max session rate per IP can be created for all traffic matching the policy, then that single IP address is blocked once the threshold is triggered.

An aggregate profile allows the creation of a max session rate for all packets matching the policy. The threshold applies to the new session rate for all IPs combined. Once the threshold is triggered it would affect ALL traffic matching the policy.

Zone protection policies allow the use of flood protection and have the ability to protect against port scanning/sweeps and packet-based attacks. A few examples are IP spoofing, fragments, overlapping segments, reject tcp-non-syn.

Zone protection profiles may have less performance impact since they are applied pre-session and don’t engage the policy engine.
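Added example, not part of the original post or of the Palo Alto Networks documentation quoted in it: a small Python model of the aggregate-versus-classified distinction the pasted text describes, run against one constructed burst of new-session (SYN) events. The IP addresses, the traffic mix and the thresholds are constructed for illustration and are not PAN-OS defaults, and the limiter is a simplification of a real DoS Protection profile (a single activate threshold per counter and a fixed block duration, with no alarm or maximal rates and no SYN-cookie versus random-early-drop distinction).

```python
"""Model of aggregate vs. classified new-session (CPS) limiting.

Added illustration, not firewall code: the events, addresses and
thresholds are constructed, and the limiter is a simplification (one
activate threshold per counter, a fixed block duration, no alarm or
maximal rates).
"""
from collections import Counter

ATTACKER = "198.51.100.7"                              # constructed: host SYN-flooding the server
CLIENTS = ("192.0.2.11", "192.0.2.12", "192.0.2.13")  # constructed: legitimate users
SERVER = "203.0.113.10"                                # constructed: the protected web server


def constructed_traffic(seconds=3, attack_cps=90, client_cps=5):
    """New-session events as (second, src_ip, dst_ip).

    Arrival order within a second is simplified (attacker first, then the
    clients); on a real wire the packets interleave, but an aggregate
    limiter still has no way to choose which ones to drop."""
    events = []
    for sec in range(seconds):
        events += [(sec, ATTACKER, SERVER)] * attack_cps
        for client in CLIENTS:
            events += [(sec, client, SERVER)] * client_cps
    return events


def aggregate_policy(events, max_cps):
    """Aggregate profile: one counter for everything matching the rule.

    Once the combined count for a second passes max_cps, every further new
    session in that second is dropped, whoever sent it."""
    per_sec = Counter()
    dropped = Counter()
    for sec, src, _dst in events:
        per_sec[sec] += 1
        if per_sec[sec] > max_cps:
            dropped[src] += 1
    return dropped


def classified_policy(events, max_cps_per_source, block_duration=300):
    """Classified profile (classification by source IP): one counter per
    source. A source that exceeds its own threshold is blocked for
    block_duration seconds; the other sources are not affected."""
    per_src_sec = Counter()
    blocked_until = {}
    dropped = Counter()
    for sec, src, _dst in events:
        if sec < blocked_until.get(src, 0):
            dropped[src] += 1          # still inside the block window
            continue
        per_src_sec[(src, sec)] += 1
        if per_src_sec[(src, sec)] > max_cps_per_source:
            dropped[src] += 1
            blocked_until[src] = sec + block_duration
    return dropped


def compare(events, aggregate_max_cps=100, classified_max_cps=20):
    """Return {policy_name: {src_ip: dropped_count}} for both policies."""
    return {
        "aggregate": dict(aggregate_policy(events, aggregate_max_cps)),
        "classified": dict(classified_policy(events, classified_max_cps)),
    }


if __name__ == "__main__":
    traffic = constructed_traffic()
    sent = Counter(src for _sec, src, _dst in traffic)
    for name, dropped in compare(traffic).items():
        print(f"{name} policy:")
        for src in (ATTACKER,) + CLIENTS:
            print(f"  {src:14} sent {sent[src]:3}  dropped {dropped.get(src, 0):3}")
```

With these numbers the flooding host alone uses 90 of the 100 aggregate CPS, so the only sessions the aggregate policy drops belong to a legitimate client, which is the "one device may still receive the majority of the connection requests" behaviour from the quoted text. The per-source classified threshold blocks only the flooding source and the three clients see no drops. Shortening block_duration shows the other trade-off: a blocked source gets a fresh allowance every time the window expires.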