Firewall Sending NetBios Probe Packets from the Public Interface

Firewall Sending NetBios Probe Packets from the Public Interface

24561
Created On 09/25/18 19:25 PM - Last Modified 06/13/23 02:54 AM


Resolution


Symptoms

Firewall is sending NetBios traffic (ports 135 and 445) to external IP addresses.

 

Issue

This will happen when user identification is enabled on the untrusted zone and the option to perform WMI/NetBios probing is enabled.

 

Resolution

To prevent the User-ID agent from probing external IP addresses, configure an include list for the zone and only specify the IP Pool range configured for GlobalProtect clients.

 

owner: rvanderveken
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClY0CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language