How can I see if my FW has already been exploited by the CVE-2024-3400?

Hello team

How can we determine if your device logs match the known indicators of compromise (IoC) for this vulnerability?

I have already fixed the vulnerability and I have the TSF of my device and I want to see if I have been exploited before applyi

Web Exception

Hi everyone,

I enabled users to access the internet with an SSL certificate on the firewall.I want to redirect a website to users who do not have an SSL Certificate installed. How can I do that?

For example, if an SSL certificate is not install

GlobalProtect and using split tunneling

Global protect has the handy feature of excluding select destinations from being sent over the vpn. For example, setting

(Split Tunnel - Domain and Application - Exclude Client Application Process Name) https://docs.paloaltonetworks.com/globalprotect/

Version 11.0 or 11.1?

Which software stream is regarded as the more robust and future-proof? The 11.0 stream or 11.1?

Can't install device certificate

Hello,

I'm trying to install a device certificate as instructed in the manual. 

I generate OTP using my account, I indeed see my valid serial number, get the OTP. 

Then I copy-paste to the firewall GUI and get the following error: 

I'm connected

TS agent SSL error

Hello, 

I've been trying to add a new TS agent on my firewalls. As there is no redistribution for user-{ip+port} mapping, I want to map the TS agent to 2 FWs. Backend FW is connected correctly, Frontend FW is in error.

I can capture the following betw

403 forbidden error while importing IDP fiile

Hii,

I have been trying to import G suit IDP file in SAML Identity provider on palo alto VM firewall but for infinite time its just showing message "uploading" without showing any error message. when I checked in network tab of inspect element I ca

Failed to extract file panup-all-antivirus-4788-5306.tgz with sha256

Failed to upgrade the antivirus package for primary firewall in HA causing the antivirus mismatch.

Its working if I delete and download install again.

Any permanent solution for this? Upgraded to the previous preferred version 11.0.2-h3 but issue sti

Import TXT or CSV to an Address Group?

I have a TXT file (I could also save it as a .CSV) of about 2000 known bad IP addresses I want to block traffic to/from. Is there a way to import this list into an Address Group? I see an option to download a dynamic list but I would then have to hos

NAT mapping public to private IP

Hello all,

I have been updating our NAT policies within our PA-3220 to specify traffic translation mapping from our public addresses to private addresses. After committing the changes the traffic has only been routing to the catch all NAT rule at t