Hi everyone, If you haven’t already seen, registration is now open for our first interactive event all about the Best Practice Assessment (BPA) tool! You will be able to connect with subject matter experts, share best practices, and learn how this to...
To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...
I've been using firewalls for years, but in the last 12 months I've made the switch to PA, and I've been learning it slowly.As part of this, I created a video on how to configure HA, but also on how HA works (HA types, link types, failover handling, ...
We are having issue in building an IPSEC tunnel on a Palo firewall. Using ver 9.1.2. Getting below error 'IKE phase-1 negotiation is failed. Couldn't find configuration for IKE phase-1 request for peer IP... The peer IP type is Dynamic with no proxy ...
Why the user-id is missing for some traffic. This also causes issue with policies using user-id. Below traffic log is for same user/zone/ip
Hi, It appears that the UserTrust root CA and the Comodo RSA CA certificates expired this weekend and now my users are getting blocked since the certificate has expired. The sites are accessable through chrome when not behind the Palo. I've tried imp...
Due to the recent expiration of the Sectigo RSA CA cert (https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020) and our Palo firewall SSL decryption policy configuration to block expired certificates we...
We have configured a clientless application on PA. It s working fine it's taking to the application, Following the Home page and other contents are accessing but from there we not able to open few the popup menu tabs from the application.Application ...
Hello. I have reviewed a number of PA article and Live Video's and still am not sure my NAT and Security policy are functioning.PA-220.Below is the monitoring log I am seeing. I expect to see 389/LDAP to complete and show some NAT details - which I a...
Is there a specific reason that this feature is not yet available? It's a bit of a pain from a readability perspective to have a massive list of Regions tied to multiple policies, to say nothing of having to update multiple policies which may referen...
Hello community,Is it possible to Block File transfer over Remote Desktop
There is no workaround available for this vulnerability https://security.paloaltonetworks.com/CVE-2020-1981A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation.This issue allows a local attacker who bypassed the ...
Hello Everyone I have simple but very important questions about an eventual Zone Renaming in a Template commited and pushed from Panorama to a Managed devices: 1. Changing Zone names inevitably will have an impact on an active sessions ? https://know...
I have a pair of Palo-220's that I've pushed my templates to from Panorama and now the HA options on both devices are in an UnKnown or Down state. These templates have been pushed out to multiple other pairs I have setup alos but this pair is only on...
I know the question about how to set Reconnaissance Protection thresholds has been asked dozens of times. The answer is always "it depends on your environment and situation". I understand that there can't be a one-size fits all best practice. It seem...
Hello - Will enabling any of the logs like traffic, url etc in the web UI in admin role profile give more than read-only access to the users with the profile? Asking because I don't see read-only option, just enable and disable. Thanks - Jisha
Instead of seeing alarms when I login to the web GUI, how can I get alarms forwarded? I'd like to send to SysLogs and also receive via email.
on:
How to migrate from a PA-7050 to a PA-5250
on:
EDL Lists - Minemeld
on:
Wetransfer download site we.tl not seen as Wetransfer application
on:
client certificate authentication fails even though machine has certificate.
