SANS Institute - PAN Firewall Security Configuration Best Practice

Just wanted to let you know

https://www.sans.org/reading-room/whitepapers/auditing/palo-alto-firewall-security-configuration-benchmark-35777

Certificate failed to load

Hi all,

We have two PA-4060 in active/passive mode with PAN-OS 4.1.12 (I know, old..).

Yesterday, after rebooting passive device auto commit failed with:

Error: Certificate 'XYZ' failed to load: failed to parse key

and device went to not-ready state.

Afte

ISSUE WITH GLOBAL PROTECT

We have configured One VR-1 only

Ethernet 1/1 is a WAN interface

Ethernet 1/2 is a WAN interface

Ethernet 1/3 is a WAN interface

Ethernet 1/4 is a LAN interface

We’ve created

ETH1-ZONE for Ethernet 1/1

ETH2-ZONE for Ethernet 1/2

ETH3-ZONE for Ethernet 1/3

ET

Would Traps be able to detect and kill this file on the host without requiring any manual remediation?

A customer is seeing infected word files with macro in their network. The firewall is not able to block this file because the macro keeps changing file hash, even with WildFire enabled.

Would Traps be able to detect and kill this file on the host with

En modo mantenimiento no me deja hacerle un factory reset, me aparece typeerror: unpack-sequence

Traceback (most recent call last):vigate,  ENTER=Select,  ESC=Back

  File "/usr/local/bin/mrt", line 192, in ?

    main(sys.argv[1:])

  File "/usr/local/bin/mrt", line 187, in main

    m.main()

  File "/usr/lib/python2.4/site-packages/mrt/ui.py", line 433

Can PA be possible for content inspection after ssh decryption?

Hello,

Can PA be possible for content inspection after ssh decryption?

I looked the below document.

Details on Port Forwarding Inside SSH

This document mentioned the following comment.

"Content and threat inspection is not done on the SSH tunnel session"

I

What happens if Dynamic Block List server is inaccessible?

If we are retrieving a list of IP's via Dynamic Block List to Allow and/or Deny traffic, what would happen if the web server hosting the .txt file is inaccessible during a refresh? Would the DBL object lose all of the IP addresses and render the rule

Issues with geolocation IP addresses

Hello,

We have policies (geolocation) which only allow connection from Spain and Andorra.

In many cases the IP addresses identified by geolocation, is not properly updated and sometimes Palo Alto identifies an IP like another country rather than as Spa