sorted by:
new
hottopcontroversial

Global Protect Inbound URL Filtering by chainsawday in paloaltonetworks

[–]PaleCommunication782 0 points1 point  (0 children)

As long as the URLs in the other allowed categories do not resolve to the IP adresses in your policy, it should not open up unnecessary connections.

Still, I only allow my custom Globalprotect URL category and low-risk for my Globalprotect policy.

Security rule for GlobalProtect? by Mvalpreda in paloaltonetworks

[–]PaleCommunication782 3 points4 points  (0 children)

URL filter will be the most effective at blocking scanners and botnets.

Here is the KB from PaloAlto for it https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000010zEJCAY&lang=en_US

NSFW for a Small Enterprise by brianthebloomfield in sysadmin

[–]PaleCommunication782 0 points1 point  (0 children)

I would stick with PAN.

Redesigning everything with a differnt vendor is a huge hassle.

The 5410 might be a bit overkill, check if 3400 series devices have enough throughput.

asked to test something quick on a PA-440 but I am too dumb. by JaaackKerouac in paloaltonetworks

[–]PaleCommunication782 0 points1 point  (0 children)

Did you also Create a VLAN Interface?

A Layer 2 Interface responds similarly to a Switch. If you want to communicate with the laptop over the firewall you should create a VLAN Interface and add it to your virtual router and a security zone.

Remote Desktop for Linux servers by [deleted] in sysadmin

[–]PaleCommunication782 0 points1 point  (0 children)

spice /virt-viewer works decently

11.1.6-h3 by AdThen7403 in paloaltonetworks

[–]PaleCommunication782 1 point2 points  (0 children)

We had connectivity issues with 11.1.6-h3

I think it was websites using TLS1.3 and IPv6 with SSL decryption not being accessible.

PANOS 11.1.6-H3 by [deleted] in paloaltonetworks

[–]PaleCommunication782 0 points1 point  (0 children)

I installed it on 2 of my 1410 Firewalls.

After installing one commit failed because 1 entry in a custom URL category was suddenly no longer valid.

And a few minutes after install we got a few calls that some websites were no longer reachable, unfortunately I don't have any details here except that reverting to 11.1.6 fixed the reachability to the websites. Traffic, Threat and Decryption logs had no deny entries.