Temporarily disable SSL decryption

Hi

I was wondering if anybody knew if the temporary disable SSL decryption is actually broken or it is my firewall, I needed to switch it off as I was having issues getting to sso.paloaltonetworks.com (which oddly is not covered by exclusion list)

اسعار تكييفات كاريير

تكييف كاريير أوبتيماكس إنفرتر يمثل تطورًا مبتكرًا في عالم التبريد والتكييف. يتميز بتقنية الإنفرتر المتطورة التي توفر كفاءة عالية في استهلاك الطاقة وتوفير في التكاليف. يعتمد هذا النظام على تحكم دقيق في سرعة المحرك، مما يسمح بتعديل الطاقة المستخدمة وفق

AWS Tunnels Down when We make a Failover

Hello everyone,

I have observed that when a failover occurs on an active/passive cluster the IPSEC tunnels to AWS all go down and take a time to recover.

I have verified that the traffic goes down and does not communicate for a time of about 5-10 min

Extending VLAN through IPSEC + GRE

I am trying to extend the VLAN from main site to branch site using a combination of GRE and IPSEC.

Below is a quick representation of the architecture, the objective is to enable remote communications between the main and the branch sites for all d

GP fails on iOS, connects on Android, Mac and Windows...

We're migrating to a new PKI, the Issuing servers are signed by the root and all (3) certificates (Root, Issuing 1 & Issuing 2) are being pushed to the iOS devices via Workspace One. The config is more or less identical to the original PKI (the old P

Configuring BGP within Service Connections timer

I needed to modify the earlier question; it was not a BGP keepalive timer, but as mentioned below.

"I wish to edit the BGP timers for Service Connection from Prisma Access.  The settings can be viewed from Workflow ---Prisma Access Setup---Ser

TCP fast open and Palo Alto

as far as I could test there is no way to make TCP fast open work through a Palo Alto fw (at least, since  9.1 which seemed to work. It tried 10.2 and 11.2 and all my tests fail there).

Whenever a client sends a SYN packet with data, it is transmitte

ISP Line traffic

We possess a set of PA devices configured with two ISP lines operating in an Active-Backup setup. Our objective is to permit email traffic to flow through the backup line as well, as we receive emails on both lines. However, we're encountering a prob

Error comparing with candidate config

Hi,

We have an issue in our PA cluster. When we try to compare the candidate config in DEVICE->AUDIT CONFIG  we get this error:"
failed to get content for 'base--candidate'"

Version is 10.2.9-h1

GlobalProtect and other VPNs

Good afternoon friends  

I have some doubts regarding the application of GlobalProtect VPN, which is mandatory in my work.

I have a few questions and would love to hear the community's answers regarding the below.

I'm in Ireland and I would like to

PA-850

Hello all,

Could you please give me correct US and EU ECCN for PA-850?

Thank you in advance.

Best regards,

Remote Command Execution Vulnerability

Hi,

We have detected so may critical vulnerability in our firewall . i have attached the screenshots. 

1.is there a way to avoid these kind of traffic?

2.where can i find more about how to block these kind of traffic?

Routing logs

Hello...

I have a question regarding default static route logs.

We 2 ISP links configured with path monitoring at default settings (Failure Condition=Any, Preemp HT=2min, PI=3 & PC=5)

As seen in the attached logs, there are alternate path-monitor-fai