Does VM Series-Trial Support VMware Workstation ?

HI Guys

I have registered and got a VM-Series Trial for 30 days from this link.

https://www.paloaltonetworks.com/vm-series-trial

I clearly understand that the guide says the Hypervisor Supported are VMware ESXI. But I want to use it in my VMware wo

Fortinet Pre-authentication Heap-based Buffer Overflow Vulnerability (CVE-2023-27997) is covered in Palo Alto NIPS Signature ?

Hi all,

Can I check with you the following Fortinet Pre-authentication Heap-based Buffer Overflow Vulnerability (CVE-2023-27997) is covered in Palo Alto NIPS Signature ?

If yes, May I know which released signature version and threat id is covered f

http-req-user-agent-header

Hello,

SSO is requesting to me to add a rule on policy to alert http request without user-agent (empty) on header.

i know I can use vulnerability by adding a condition when « http-req-user-agent-header » is equal to a regex. 
i tried to use the rege

Using XFF for Logs Only

Hello,

I have an application behind a WAF, without XFF the source IPs are always my WAF and for auditing reasons I need to get and log the real client IP addresses.

Traffic flow is like this:

Client -> WAN -> NAT -> DMZ - App Server

My security

Multiple VSYS Lab

Good day!

Does anyone know how I can practice a multiple vsys? The VM-Series do not support vsys.

Thanks in advance!

LN

Prefix to Prefix NAT on Palo Alto Firewalls

Hello,

Can we configure prefix-to-prefix NAT translations on Palo Alto firewalls? Is there any easy way to do this?

For Example -

SRC - 10.1.1.0/24

DST - 1.1.1.1

SRC Translation to 10.1.2.0/24

SRC - 1.1.1.1

DST - 10.1.1.0/24

DST Translation to 10

How to Monitor Vsys and Subinterface status

Hi,

I would like to know is Palo Firewall able to monitor subinterface and vsys any status with SNMP?

Thank you

Captive Portal and Response Pages

hello 2 all,

i've a strange behaviour with my edge-palo-alto firewall:

we've enabled a captive portal on the inside (lan) interface with redirect, working as expected...

but when i enable the response-page on the outside (wan) interface followi

Security rule with URL category mixed up

Hello,

We have a weird rule in our Security Rules list.

Basically it's allowing any to any with some specific applications, but also a custom URL Category in "Service/URL Category" tab.

So normally it should allow only the traffic hitting the U

Blocking TLD mov and zip

Hello,

Was wondering if PA does this automatically or if it needs to be done manually - blocking TLD .zip and .mov?

We use the Advanced URL and DNS Security license as well.

Thank you.

Tenant ID change on NGFW

Hi all,

We have a set of NGFWs that somehow are pointed to an old tenant ID and therefor not dropping the logs into the CDL. We have put in a TAC case but haven't gotten any resolution as of yet. 

Is there a way in the CLI to change the tenant ID?