Dear All,
First, I would like to thank the community for help us a lot of time. i have a question, is their feature in Palo Alto to inspect the internal traffic (IDS and IPS)?
Hi All,
Just some queries,
1) what is the difference between the App base rule and Service base rule?
2) For security purpose which one is a more secure app or service base rule?
3) What is the benefit of using App base rules?
Thanks in advance.
I am spinning up a new 820 HA pair and on my last site I am getting an error when downloading the OS and dynamic updates. The other site work fine. I am getting the following error:
We got certificate tree like this:
the public certificate (Trusted root CA) from Digicert, Intermediate cert (Digi root) and then the SSL/TLS cert (DigiVPN). This DigiVPN is going to expire soon and we use it for GP portal and GW. The server cert is b
...
Hello,
From what I understand, when creating a tunnel monitor between two PA devices it's best to assign IP addresses on the same segment to the tunnel interface on each side. The monitor is then setup with the remote destination on each side.
Examp
...
Hello friends,
I would like to know expected issues if we enable ssl forward proxy to a production environment. There are services allowed with different ports , web services and all working fine now. As this is first time am planning to enable for
...
Hi,
We need to add secondary PA-220 to existing (production) standalone PA-220 and make it has Active/Standby. Trust interface on PA will be trunk with two sub-interfaces. Both the PA trust interfaces are going to connect downstream Core switch. Core
Is there a way to export a deactivated GlobalProtect client MSI installer from the firewall or download a version from the support website? A client also has a palo alto firewall, but is on a different client version than what I use internally. The
...
Hello All,
I am facing issue to export traffic logs from the firewall in CSV format. getting the error "no jobs query found".
Troubleshooting:-
* Increased the CSV row number up to 1048576.
* I can export URL filtering logs, security policy, NAT policy
...
Hi Team,
I import the configurations from managed device to panorama then export to managed devices of our A/P firewalls. everything went well. but when I see the summary on panorama passive device template showing as in sync but active device templa
...
Hi Team,
I have below network Architecture
Upstream Internet Firewalls PA 5050 Active/Standby
Downstream Datacenter Deployment 5220 Active/Standby
Now We have 2 VYS in DC 1 is Normal 2nd DMZ Vsys.
Now i have to remove DMZ vsys to ISP can some guide
Do you know of a CLI command or a rest API call to push and to show the changes of configuration to be pushed to a firewall from Panorama? I am trying to automate the process, but could not find any references.
I'm getting the following start error message on Windows Server 2019 running ID-Agent.
The MADebug file shows the following as well.
------------MDM Service is being started------------
11/10/20 15:52:06:552[ Info 1414]: Os version is 6.2.0.
11/10/20
I'm switching to route path monitoring for VPN backup failover and would like to keep my tunnel monitoring active for down/up tunnel email notifications. I can set the tunnel monitoring to wait to recover. Can I use both of these at the same time a
...
We have separate zone protection profiles for each zone. And the definition of aggregate says that "all thresholds apply to the entire group of devices specified in a DoS Protection policy rule". So if we are trying to protect servers in DMZ, unless
...
reaper
on:
dynamic update failed
reaper
on:
eventid eq tunnel-status-up/down
reaper
on:
Problems accessing knowledge base
Raido_Rattameis
OtakarKlier
on:
Unable to ping website, getting this site can't be reached
