SSL Decryption Certificate Self-Signed vs Public Trusted CA

Hi,

I searched and read a lot about it, but the more I read the more I get confused. I would appreciate, if someone explain me the difference between self-signed and public trusted certificates for SSL Decryption. As I understand, I need to import

SLR Report Generation using dump file

Hi Team,

Need guidance on how to generate report using dump file.

I cannot find the link. can anyone assist?

Appreciate it

How to know the process in a Firewall that generate Traffic

I have seen unusual traffic in the Firewall.

A lot of sessions are generated from an interface (inside) to the IP Address 5.5.5.5 to the outside interface.

I would like to know what process or the reason to the Firewall generated this traffic.

Issues without using Proxy IDs on IPSEC tunnel

We are running into issues with VPN when we chose not to use PROXY ids between two PA firewalls.

We see it works fine when we add the proxy ids, but we shouldn't need to if both of them are Palo Alto, isn't it?

We see phase 2 keeps failing and the tu

Install cortex XDR agent on VMware ESXi

Hi all ,

Can we install Cortex XDR agent on VMware ESXi Host Machine?

If yes please share the respective supporting documents. 

GLOBALPROTECT split navigation

Hi everyone.

Currently I have a request. When vpn user is accessing throught globalprotect is necessary that fullfill two thing: If device is corporate (domain) he can use internet resource enterprise internet. But, when device is personal he must

VPN Proxies

I have a VPN tunnel, which is up and running. I have two proxyIDs in the tunnel with the same local address but different remote addresses.

I can only get one proxy to connect.

For example, I currently have proxyID1 connected and can ping the other s

TS User-ID and FSSO in the same server

Good morning,

reviewing the documentation of palo alto and fortinet informs me that they use the same internal ports for the fsso and for the user-id and to rule it out completely I wanted to know if you could configure the fsso and the user-id in

review cached URL continue challenge entries

Hi Guys,

according to below article URL entries is cached for users per category.
is it possible to check cached entries per user/URL/category to see current state?

Continue Action in URL filtering not working as expected 

Thanks,

Palo alto panorama - Any advice on how we can deal with old logs?

We would like to migrate logs from M100 to M200 – Could you please advise how to proceed?

M100 has 4x2 disks

M200 has 2x2 disks

M-100 appliance to an M-200 or M-600 appliance- I understood this from the below URL. Kindly correct if any change

Log m

Blocked traffic log has no url logged

I want to look at the url address of a data packet that was blocked by a deny rule. I had url filtering applied on the rule but the denied traffic log shows the url category but not the url address. Please advise me in logging url address for denied

LACP Aggregate Group with Subinterface

Hi everyone,

I'm trying to set-up a Subinterface on a Aggregate group with LACP on a PA-3020 and a DELL 6248 switch in a test envoirment.

If I assign an IP on the default VLAN to the Aggregate Group everything works but I can't seem to get the Subint