General Topics

For those that seek to get SSH Proxy working

Searching the internet it seems that people are looking to enable SSH Proxy and not finding answers. I managed to get it working but must say that the current supported SSH decrytion parameters for all PAN-OS versions aren't the most secure ones so y

Grace Period for Threat Protection and URL Filtering

Hello,

I'm curious if anyone knows if Palo Alto has a grace period for expired URL filtering and Threat protection licenses.

Thank You,

MJF

GlobalProtect access to local LAN devices

I am fairly new to Palo Alto devices.  We are in the process of testing the GlobalProtect client and have set it up without split-tunneling.

I have confirmed this works for web browsing (get the PA NAT address), but we are still able to get to all lo

Onboarding to Passive HA to Panorama

Hi Everyone,

I need advice on how to onboard the passive HA to Panorama. The Primary is already on Panorama but upon checking, it doesn't belong to a device group yet. I have read some documentation on how to onboard a local firewall to panorama, but

When will PAN-OS start supporting modern SSH ciphers?

I'm running PAN-OS 11.1 and OpenSSH 9.X.

I had to tune my sshd_config to support really ancient stuff like aesXXX-ctr and hmac-sha1 just to allow for SSH decrytion...

Please Palo Alto update the supported ciphers and MACs!!

Terminal Server Agent: Start service fails with error 1058!

Does anyone know of a fix to this error with the Terminal Server Agent?  Only two of my servers aren't connecting and I'm getting this error message.  

unable to open a case

I have a new support account, but there appears to be a problem.  URL is https://support.paloaltonetworks.com/Error/Error.

I need to open a case for a critical issue.

Prisma Cloud Integration with Oracle cloud (OCI)

We are trying to integrate oracle cloud (oci), Looking for documentation

A very weird Behavior on SIP traffic traffic reversing back to the same egress interface

Hello everyone , im seeing a very strange behaviour in my pa-445 version 11.1.4-h7 firewall , where i have an interface on the firewall which is a gateway to my voip devices , the same firewall connects to the voice server through an ipsec tunnel int

How to create ACLs for access to AWS workspaces (EDLs don't cover all IPs)

I need to create ACLs for outbound access to AWS workspaces using the destination IPs / subnets / FQDNs shown on AWS publication https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html#ip-address-regions.  

PAN pu

PaloAlto Passive Firewall Monitoring in HA Setup

Hi everyone,
Greetings!

I’m currently using OpManager to monitor a Palo Alto firewall in an HA Active/Passive setup, and the Link State of the interfaces on the passive device is set to auto.
While OpManager is able to correctly pull interface details