Firewall - License Expired and Palo Alto behavior

If your Palo Alto licenses suddenly expire, the firewall will behave as described below.

What Happens When Licenses Expire?

What Happens When Licenses Expire? #2

Note that if the firewall/VM is rebooted, only 1200 concurrent sessions will be available.

Server - How to debug DNS queries on Domain Controllers

In a Windows Server environment, it can be useful to debug and save every DNS query submitted to your domain controllers/DNS servers.

There is an easy way to achieve this goal.

You just need to enable DNS debugging mode.

After this feature is enabled, you can check the logs and identify the devices that are querying specific DNS entries/websites.

This approach is useful, first of all, for security interdependence as well...

  1. Open DNS Manager (dnsmgmt.msc)
  2. Right-click the DNS server and click Properties.
  3. Click the Debug Logging tab.
  4. Select Log packets for debugging.
  5. Enter the File path and name, and Maximum size.
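
Once the log file is being written, the check described above (which devices query a given name) can be scripted. The following is an added example, not part of the original post: it parses packet lines in the DNS debug log layout and lists the clients that queried a domain or any of its subdomains. The sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the packet-line layout of the Windows DNS debug log:
# date time thread context packet-id proto direction remote-IP xid
# [R = response, blank = query] opcode [flags rcode] question-type question-name
SAMPLE_LOG = """\
6/5/2023 10:00:12 AM 0E9C PACKET  000000D2B3F1A2C0 UDP Rcv 10.0.0.25  a1b2   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2023 10:00:12 AM 0E9C PACKET  000000D2B3F1B770 UDP Snd 192.0.2.53 7c01   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2023 10:00:12 AM 0E9C PACKET  000000D2B3F1A2C0 UDP Snd 10.0.0.25  a1b2 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
6/5/2023 10:00:14 AM 0E9C PACKET  000000D2B3F1C110 UDP Rcv 10.0.0.31  04fe   Q [0001   D   NOERROR] AAAA   (3)www(7)example(3)com(0)
6/5/2023 10:00:15 AM 0EA0 PACKET  000000D2B3F1C990 UDP Rcv 10.0.0.25  a1b9   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2023 10:00:16 AM 0EA0 PACKET  000000D2B3F1D220 TCP Rcv 10.0.0.31  0500   Q [0001   D   NOERROR] A      (4)mail(7)EXAMPLE(3)com(0)
6/5/2023 10:00:17 AM 0EA0 PACKET  000000D2B3F1DA40 UDP Rcv 10.0.0.40  33c0   Q [0001   D   NOERROR] A      (10)notexample(3)com(0)
"""

# Anchored on the PACKET keyword so the locale-dependent date/time prefix is ignored.
PACKET_RE = re.compile(
    r"PACKET\s+\S+\s+(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R\s+)?(?P<opcode>\S)\s+"
    r"\[(?P<flags>[^\]]*)\]\s+(?P<qtype>\S+)\s+(?P<qname>\(\d+\)\S*)"
)

def decode_qname(raw):
    """Turn the length-prefixed form '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    return ".".join(label for label in re.split(r"\(\d+\)", raw) if label).lower()

def clients_querying(log_text, domain):
    """Map client IP -> {(name, qtype): count} for queries about domain or its subdomains."""
    domain = domain.lower().rstrip(".")
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        # Keep only queries received from clients: skip responses and anything
        # the server itself sent (for example queries to its forwarder).
        if not m or m["dir"] != "Rcv" or m["resp"]:
            continue
        name = decode_qname(m["qname"])
        # Match on a label boundary so 'notexample.com' is not counted for 'example.com'.
        if name == domain or name.endswith("." + domain):
            hits[m["ip"]][(name, m["qtype"])] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

if __name__ == "__main__":
    for ip, names in clients_querying(SAMPLE_LOG, "example.com").items():
        print(ip, names)
```

To run it against a real log, read the file configured in step 5 and pass its text in place of `SAMPLE_LOG`.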



Firewall - Complete list URL Filtering Categories #PALO ALTO

Palo Alto firewalls offer a URL filtering feature.

The complete list of URL Filtering categories is available at this official link:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC

If you would like to test a website link and find its categorization, here is another useful link:

https://urlfiltering.paloaltonetworks.com/

2016 #Multiple RDP connections #how to bypass 2 session limit

If you need to allow multiple RDP connections to a Windows Server 2016 machine, you can follow the procedure below.

Be aware that an already installed internal RDS CAL server is a prerequisite.

Here are the minimal steps to follow:

  1. Go to Server Manager in Windows Server 2016
  2. Click Add Roles and Features
  3. Then select Role-based or feature-based installation
  4. Choose:  Remote Desktop Services
  5. Then choose:  Remote Desktop Session Host
  6. Install the role
  7. Restart the server
  8. Run gpedit.msc
  9. Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections
    • Set Limit number of connections to Disabled.
    • Set Restrict Remote Desktop Services users to a single session to Disabled.
    • Set Limit number of connections to Enabled (999999)
  10. Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing
    • Set Use the specified Remote Desktop license servers to Enabled (indicate the server FQDN)
    • Set the Remote Desktop licensing mode to Enabled (Per User or Per Device)
  11. gpupdate /force
  12. Test multiple RDP connections
  13. Launch RD Licensing Diagnoser snap-in to check that everything is working properly.


Firewall #Palo Alto and dynamic/blacklist IP

Palo Alto can read a .txt file exposed through an HTTPS/HTTP website (usually IIS) to import a list of IPs that must be blacklisted.

I am taking note of the official article:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/configure-the-firewall-to-access-an-external-dynamic-list

O365 #OUTLOOK & OWA#EMAIL RECALL

Office 365, through Outlook or the OWA web client, lets you recall or modify an email that has been sent but not yet read.

Here are some example screenshots and the procedure.

Recall or replace an email message that you sent

a) OWA SETTING

b) OUTLOOK SETTING