SSL Inspection and SSL Labs

Outside of minimum and maximum supported tls versions and ciphers what are some things to look for on SSL Labs that would be breaking decryption. In the Palo decryption logs if it shows error "Early close notify" what would be something to look for a

GP Compatibility on Windows Server

Hello, everyone.

Does anyone know if you can install the Global Protect agent, on Windows servers, such as 2012, 2016, 2019????

Is there a documentation that tells me and confirms this?

I see in the Palo Alto Firewall, that the computer does not give

SSL decryption - How to deal with third party sites that don't install the intermediate certificate?

I turned on TLS (let's start calling it what it is) decryption for our IT personnel only a couple of years ago.  It was considered a pilot and I always planned to work with our legal department to craft a policy and start rolling it out to the broade

Next Hop in default route using DHCP Comcast modem

Hello Group,

I am setting up a PA-200 in my SOHO with comcast as my ISP.  I have comcast for my isp and am using DHCP to optain my IP address.  My question is this.  Per the setup guide, if I check DHCP under the IPV4 tab, and check, Automatically cr

Factory Reset

I was in the middle of setting up a PA 850 and in the end needed to conduct a factory reset. I issued the commands to put into maint mode and was able to log in with maint@ip and the serial number as the password through putty. I had to step away for

DHCP client support for IPv6

Hi,

You can't configure an Ethernet Interface as a DHCP Client for IPv6 like the IPv4.
Does anyone know this will be supported in the (near) future?
I can't find anything about this.

IPv6 on public interface

Dear all,

I'm ttrying to get IPv6 up and running but so far without much success.

My ISP assigend a /48 range to me and they are saying I need to use DHCP. AFAIK, DHCPv6 is not supported, but NDP is.

Assume my IPv6 prefix is

abcd:1234:5678::/48

So I ena

SMB traffic identified as active-directory

From one of our management servers  (Windows Server 2016) SMB traffic is identified as active-directory, but from user clients it's correctly identified as ms-ds-smbv2. Anyone come across this? We have several storage solutions (NetApp filer, iSCSI,

Firewallupdates via Panorama - huge delay in download and install

Hello,

I'm managing several PA firewalls (10.2.2, 10.2.3, 10.2.4-h2) via Panorama (10.2.4-h2), I noticed a delay in AV, Content and App update deployment, sometimes it's days or even weeks.

For example, the App update is planned to check and inst

Firewall processes sometimes are in suspended state

Dear community,

I have observed that processes "log_index" and "stats_gen" appear in "suspended" state sometimes.

We didn´t notice any issue though.

Do you know if that´s a normal behavior?

Kind Regards!