Best practice on what to advertise the “non-connected”/”non-static” NAT space.

Hi Guys my customer is in the heat of battle with policy and NAT review, but I wanted to toss something out there regarding the advertising/redistribution of the NAT space.

 There’s some discussion on how to advertise the NATs (aka non-connected or r

Minemeld install error on RHEL

I am attempted to perform an ansible install of Minemeld on RHEL 7. I am receiving the following error. Anyone seen this and have any suggestions for remediation?  Thanks

I receive the following message when I run the ansible playbook:

TASK [mine

invalid interface

hello have getting a lot of 802.1q tag not configured and invalid interface message in global counters. I'm trying to find the cause, I have configured subinterfaces I see traffic in rx.pcap with properly tag, all traffic is dropped, I see as destina

how to block internet download manager

hi everyon 

can palo alto block internet download manager?

if can, then how to block

Feature Request - Reporting

I just spoke to Jim Silha about reporting.  Palo Alto comes with a user activity report.  Under the section 'Browing Summary by Website' there is a 'Host' column.  It is much more report friendly than say 'URL'.

I would like to be able to use that in

HA Active/Active and VPN

Hello,

We have a scenario where a customer wants to deploy two PA3250s in two different locations which will be an Active/Active cluster. There will be a layer 2 link between the two sites and also customer wants a VPN as a backup if the layer 2 link

LDAP interval

Hi,

I have a question in reference to the LDAP interval time. Specifically what my goal is I want to be able to let the firewall know about my AD group membership changes quicker. For example if I have a specific AD group that is configured on the fw

Weirdest thing I have seen

Having a weird issue. I installed an 820. I have internet traffic being NAT'ed. My gateway is set to the Palo. My hops to the internet look like this 

Windows Box ---> Palo 820 --> Cisco Pix --> Internet Provider

Pretty basic.. I have a rule in place

Bad certificate _ inbound ssl inspection

Hi All

we are using 3rd party singed certificate for inbound SSL inspection , once we imported the certificate it is not showing any error and commit is working fine . once we add the certificate to decryption policy it is showing error as bad certif

GlobalProtect remote access - some pointers

Dear All,

I'm relatively new to Palo Alto firewalls and I am attempting to implement GlobalProtect to provide remote users with access to our internal network through the Palo Alto firewall and I am striggling to get even the most basic system workin

GlobalProtect Best Practices

I searched through previous threads to see what the best practices are for securing GlobalProtect but the only thread I saw was dated and didn't have too much information. Could anyone share what their best practice is with setting up GlobalProtect?