Hello everyone, I wanted to share some knowledge I've gained about investigating common Layer 1 to Layer 4 issues, such as MTU mismatches and DoS attacks, using key Palo Alto Networks firewall features like Global Counters, Flow Debug, and packet captures. The first steps in troubleshooting these issues are always to check your routing, run ...
This Nominated Discussion Article is based on the post "Configure Split tunneling by domain" by @BigPalo and responded to by @Raido_Rattameister and @BPry Read on to see the discussion and solution! Hi, I just configured split tunneling by domain using this domain test: *.portal.microsoft.com (port 443) But i can not see this traffic going ...
Written by Alex Laulhe. With special thanks to Anupam S. & Amogh G. for their contributions. This guide is designed to help firewall admins effectively understand flood attack prevention and troubleshoot flooding incidents detected by Palo Alto Networks firewalls. Whether the event is triggered by packet buffer protection (PBP), Zone Pro...
This article is inspired from Tips & Tricks: Flow Basic Debugging written by @kiwi and I recommend reading that article first before reading this one. Palo Alto Networks NGFWs use App-ID to detect the exact application inside a traffic stream but sometimes traffic will be first classified for example as App-ID "SSL" and after the decrypti...
What is Selective Push? Selective Push on Panorama lets you deploy specific configuration to your firewalls instead of pushing everything all at once. Terminology Push Scope: The final admin view of committed changes with an option to select the changes that will be pushed to the selected target firewalls. Config Audit Window: This window is ...
Most days, BGP runs quietly in the background. BGP advertises routes that keep your WAN, VPN, cloud environments, and public services connected and reachable. Until it doesn’t. And when BGP breaks, it’s not just a routing issue, it’s unreachable services and frustrated users. This guide will help you troubleshoot BGP on Palo Alto Networks fire...
This document outlines the various system modes available for Palo Alto Networks Panorama and provides guidance on transitioning between them. Panorama offers flexibility with its different modes: Panorama, Management-Only, and Logger. Reasons for changing system modes might include optimizing resource allocation by separating log collection a...
Palo Alto Networks 7-byte Custom Signature Minimum Removed in Newer Versions and Why it Matters! In the newer versions after 9.1, Palo Alto Networks now does not have 7-byte minimum length limit and is really useful, as an example, to make a signature that will block traffic to a web page if too many times the login parameter "user" is seen in...
Palo Alto Networks NAT Session Distribution as a Way to Implement Server Load Balancing The Palo Alto Network Destination NAT Session Distribution can be used to implement similar to Load Balancer functionality by using one of the "distribution" methods. You need to allow the traffic with a with a security policy rule from the correct sour...
How to Write Palo Alto Networks Custom Vulnerability and Application Signatures with Examples Palo Alto Networks NGFW and Prima Access have many predefined IPS vulnerability signatures but sometimes extra custom signatures are needed that are specific to the application being protected as this need internal domain knowledge. I'll provide e...
Logging is a critical component in network security, helping organizations maintain visibility, compliance, and forensics. Panorama, with its powerful log collection and analysis capabilities, supports distributed environments at scale. However, optimal performance depends on careful planning and adherence to best practices. This article provide...
This Nominated Discussion Article is based on the post "sorting question" by @MattJakacki and responded to by @JayGolf and @Remo . Read on to see the discussion and solution! How do I remove the sort by ascending/descending in tabs like vulnerability protection profile and in URL categories, I recently accidentally activated these features a...
This Nominated Discussion Article is based on the post "Using the REST API to create a bunch of Address Objects" by @DaveFitz and responded to by @TomYoung . Read on to see the discussion and solution! I have to create a large number Address Objects and would like to use the REST API to do so. I've seen a number of examples at adding var...
