Hi folks/.
I have a situaiton that is doing my head in, and I need some help.
I have an installation which looks like this
"A" end - Palo Alto Active/Passive cluster, public IP for IPSec VPN termination
"B" End - Juniper SRX cluster, Active/Active wi
...
I have 2 virtual instances of PA-8.0 on a laptop in a home lab for learning purposes. High Availability is configured in Active/Passive mode with HA1 using the management interface and it is working but HA2 is failing to sync and complete initializa
...
Is there a way to have a Dynamic Service Group, similar to Dynamic Address Groups?
Thanks!
Is there anyway to solve those VA issue?
1) 90317 - SSH Weak Algorithms Supported
2) 42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
3) 70658 - SSH Server CBC Mode Ciphers Enabled
4) 71049 - SSH Weak MAC Algorithms Enabled
Kindly help plea
...
Hi team,
Can we renew the server certificate used for gp before expiry can you please let me know if there would be any impact after renewing the certificate before expiry??
Or we need to renew the certificate before 1 day ???
Hi Guys!
May someone help me with this - Is there capability with Palo Alto FWs to enable some sort of network access control for both wirelss and wired to control devices on our network? The goal is to be able to prevent non-company devices from co
Hi Team,
I found some command to add a device in device group and template but couldn't find how to set a device as master device in device group with CLI,
Tried to search cheat sheet but the information/commands are not available.
Is it possible or th
...
I have two ISPs configured with path monitoring and I can successfully monitor the primary route and fail over to the secondary, however what I would like to do now is use PBF to always send some of my traffic out the secondary ISP. Everything I've
...
I blocked 'google-update' app in firewall rules but I still see some of the users' browsers getting updated. I can't find any helpful logs for those users.
Please let me know a solid way I can blocked google updates on Palos.
TIA.
I've a pair of PA-220 configured as cluster. After power off - on HA is down. But I can connect to both firewalls via https & ssh.
Active fw1 shows that HA ports 7 & 8 are down (red in GUI). On passive firewall fw2 all ports are grey.
But the real stra
Hello,
my current GlobalProtect portal/gateway certificate is expiring soon so I had our 3rd party CA create a new one with the same name. In Panorama under templates/device/certificates, I uploaded the new cert with a temporary name (ex. expiring c
...
In Palo Alto some certificate are expire in this months. Request you to help us to know will there be any impact at user end if certificate expires and we renew on firewall before expiry.
Hello,
Has anyone encoutered this error message below? I could not find much info on this.
Using PA500 with PAN-OS 8.1.4
domain: 1 receive_time: 2019/02/09 10:16:13 serial: 00xxxxxxxx seqno: 4858056 actionflags: 0x0 type: SYSTEM subtype: wildfire conf
...
hello
I am trying to enable the tunnel monitoring for an IPSec tunnel(not sure what device the other end is using) and got very interesting result.
The proxy id config is
local:172.16.17.3/32
remote: 146.48.211.0/24
My client subnet 172.16.2.0/24 will b
...
Hi all,
I am trying to automate the deployment of GlobalProtect software in laptops with Ubuntu installed and I have faced an issue not easy to explain. The operating system is being deployed automatically in chroot mode, and one of the last steps in
...
OtakarKlier
on:
Understanding URL Filtering security profiles vs Rule Action
OtakarKlier
on:
Qualys scanner blocked
OtakarKlier
on:
Split-tunnel not working properly
OtakarKlier
on:
Palo HA with LACP to Cisco Stack Switch
aleksandar.asta
