General Topics

Resolved! Log viewer not working for 8.1.13 PAN-OS

Cx facing this issue with PAN-OS 8.1.13 .

From the policies tab when we are selecting log viewer option for any security policies rule then it redirected to the Monitor tab . Logs traffic tab there it is showing all firewall traffic and filter bar ta

...

Static Bi-directional Source NAT not working on incoming traffic

I've users on subnet A that needs to communicate to a service over a vpn on subnet B.

This subnet B already knows a subnet A, and therefore we're doing a source NAT for subnet A to C.

A server in subnet B needs to print to a printer in subnet A, thus w

...

Missing Secure Flag on the SSL Cookie after a vulnerability assessment ran on PA820

In my case, the team is performing a vulnerability assessment on PA820

Vulnerability Title: Missing Secure Flag From SSL Cookie

Description: The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure chan

...

Barracuda to Palo Conversion

I've tried searching but have not been able to find much information. Does anyone have experience converting a Barracuda ng800 to Palo Alto? I'm working with someone that just received a pair of PA-5200 series firewalls and want to move their Barracu

...

Resolved! GlobalProtect Certificate to Encrypt and Decrypt Cookies

Hi All,

I'd like to find out what type of certificate you need if you are configuring Authentication Override for GlobalProtect Portal and Gateway. That is, for the option to specify a certificate to Encrypt/Decrypt Cookie (screenshot below), does thi

...

How to gain all knowledge about Azure within 15 days?

I want to learn azure course within 15 days. Please help me.

GlobalProtect multiple gateways

Hi All,

Similar to a Cisco ASA tunnel-group configuration where we can have different VPN configurations using the same public IP, I wonder if similar configuration can be achived on Palo Alto. My objective would be to configure different gateways us

...

ipsec question

Hello,

Do I need a tunnel interface for site to site vpn ?

If yes How can I do that and what is the benefit

Thanks

destination port in PBF

Is there an option to define destination port in PBF. Now if a service is selected, PA applies PBF if source or destination has that port.

I am looking for a PBF which should match only if destination port is 80.

Dynamic updates not working after RMA replacment - Download Error Problem with local SSL certificate

We recently got a RMA replacement in for a failed PA5250 in HA but we are now noticing that Dynamic updates are not downloading and installing. We get a message in the Panorama Job Schedules section stating "Failed to upload image. Device msg:'Failed

...

Resolved! Always on Global Protect

Hello All,

Looking to get advice on this topic. The idea is to have the users connect via a VPN tunnel regardless of their location, internal LAN or working from home, etc. I need to make it easy on the users so its to a burden, e.g. having to authen

...

Resolved! How to find a URL for session_end_reason eq decrypt-error

I have SSL Decryption and URL Filtering implemented and I see lots of decrypt-errors listed as session_end_reason. Is there a way to see the exact URL that the user was attempting to connect to? That way I can troubleshoot the site and see if an excl

...

exclude a network from static route

Is it possible to exclude a network from static route.

For eg I have static route 10.20.0.0/16 to the core-switch.

unfortunately my management network (including PA) is 10.20.200.0/24

I dont want traffic to 10.20.200.0/24 going to core switch.

just ex

...

Resolved! Why Set Application ID "apple-push-notifications", but gateway.sandbox.push.apple.com not working

hello~

I used the "apple-push-notifications" application id to add a new firewall rule. Afterwards, I found that the URL "gateway.sandbox.push.apple.com" is not working properly. Why?

Image Source：https://applipedia.paloaltonetworks.com/

Knowledge sharing: IP and user TAG Mappings redistribution for DAG / DUG

Hello to All,

I see a lot of questions about redistributing IP and user TAG Mappings from Panorama or a firewall to other firewalls. In version 10 this is possible but in older versions only the user id can be be redistributed and maybe a REST/XM

...

Discussions

Resolved! Log viewer not working for 8.1.13 PAN-OS

Static Bi-directional Source NAT not working on incoming traffic

Missing Secure Flag on the SSL Cookie after a vulnerability assessment ran on PA820

Barracuda to Palo Conversion

Resolved! GlobalProtect Certificate to Encrypt and Decrypt Cookies

How to gain all knowledge about Azure within 15 days?

GlobalProtect multiple gateways

ipsec question

destination port in PBF

Dynamic updates not working after RMA replacment - Download Error Problem with local SSL certificate

Resolved! Always on Global Protect

Resolved! How to find a URL for session_end_reason eq decrypt-error

exclude a network from static route

Resolved! Why Set Application ID "apple-push-notifications", but gateway.sandbox.push.apple.com not working

Knowledge sharing: IP and user TAG Mappings redistribution for DAG / DUG

HA4 firewalls

B2B VPN IKEv2 Fail with Amazon Private Cloud Peer

Help understanding Asymmetric Path issue

Can't import a certificate via XML API using C#

Unable to download new version

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

CVE-2024-3400 IOC's

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Error installing dynamic update Apps

Unlock your full community experience!

Resolved! Log viewer not working for 8.1.13 PAN-OS

Resolved! GlobalProtect Certificate to Encrypt and Decrypt Cookies

Resolved! Always on Global Protect

Resolved! How to find a URL for session_end_reason eq decrypt-error

Resolved! Why Set Application ID "apple-push-notifications", but gateway.sandbox.push.apple.com not working