SSL DERYPTION : How to automate URL/domaine decryption Exclusion properly?

Use case : Ours users go through Palo alto for internet access. Decryption feaures has been enabled.
When users try to access to internet may failed because the decryption-error.
We need a solution to automate URL SSL decryption exclusion and log urls

How Palo Alto Networks Identifies GnuTLS Server Hello Session ID Heap Buffer Over Without Decryption

HI All,

We detected Vulnerability: 36926 ID- GnuTLS Server Hello Session ID Heap Buffer Overflow in Palo Alto firewall.  In our cutomers Firewall enviroment we not enable the SSL Descryption Feature.

Customers Queries us.. How and Why Palo Alto able

PAN-DB Connectivity

Hi,

We are faced with the connectivity issue when we tried to download the URL filtering DB from PAN-DB. As the firewall has an external interface to the internet, we have changed the service route for “Palo Alto Networks Services” to the external in

how to integrate x force free feeds with minemled?

Need to Verify traffic.

Hello All,

I am using PA-820, i only have cli access to device. I will require to verify traffic from a particular source and destination on the device. Do we have any commands to do that ? May be something like packet tracer to get all the routes /

Increased FP's for Wildfire Viruses

Has anyone noticed an increase in the number of false-positives being generated by Wildfire in the last few weeks?

I seem to be getting a increased number of alerts for WF learnt viruses on apps that have never caused issues before.  Always worried t

Understanding Security Profiles

PA newbie here!  I am digging in to the PA traffic processing algorithm & on the 4th leg of the process I see that the traffic is allowed at this point but gets scanned against the configured security profile.  This sounds like where IPS comes into

How to generate a dynamic report with the XML API?

Hello everyone,

I want to create a dynamic report using the API of PaloAlto. I am currently struggling with that a bit.

So here is a list of questions and I hope you can help me with that.

How do I execute a dynamic report with specific timeframes in

add new Certificate for web APP

Good day!

  I tried to follow the steps to create SSL Inbound Inspection but after I added the certificate for the first application (EPOS it’s name) , it’s not showing inside decryption policy role, please check the below pictures to make the image c

How to verify that threat profiles are actually performing

Hello,

I currently have one rule, that pertains to one inside and one outside host.  I have a few profiles added to the rule such as a/v, spyware, vulnerability and file blocking.  I dont see any events in the Threat monitor nor my Syslog server so m

Blocking SMB Traffic

I was doing a review of some firewall policies and noticed the company I am consulting for is allowing all applications risk 1 through 3 from their trust to untrust zones.  Not sure why it's setup that way yet, but in doing so, SMB traffic is alllowe

False Positive Submission Virus/Win32.WGeneric.rixgu(2341248)

Hello,

I tried to download the last Adobe Reader DC package directly on the depository from Adobe and Palo -Alto block my download with the threat detection Virus/Win32.WGeneric.rixgu(2341248)...

The URL is ftp://ftp.adobe.com/pub/adobe/reader/win/Ac