TCP session timeout behaviour

Hello,

I have a question about the mechanism of TCP session timeout on PA FW. Assuming that default TCP timeout on PA device is 3600 seconds. What happen after a TCP session is idle after 3600 seconds ? Does the FW send TCP RST at each endpoints ? Or

Intergate TWSITCLI with PRISMA CONSOLE

We are looking for documentation/Actual Steps ,  How can we integrate TwistCLi which is being deployed over a VM Linux machine and currently being used to scan Tar container image files with Prisma console

How do I remove KEX diffie-hellman-group1-sha1 from SSH on PAN-OS 8.1?

Our vulnerability scanner has detected a weak KEX algorithm (diffie-hellman-group1-sha1) on our firewall.  Is there a persistent way to disable the weak KEX algorithm?

I found this article (below), but it says every time the firewall reboots the weak

Global Protect error Windows 7 Client

Good afternoon, first of all thank you very much for the help and support for this case:

"The virtual adapter was not set up correctly due to a delay. GlobalProtect will try again soon. If the issue persists, please restart your system"

-Windows vers

bgp cmd

Hi All ,

Just checking what cmd we can use to validate receive and adversities BGP route from a peer like we have in cisco .

@PavelK 

Deploy GlobalProtect pkg to Mac devices via Microsoft Intune

Has anyone had success deploying the GlobalProtect.pkg (5.2.9-35) to Mac devices via Intune? I upload the pkg file to Intune and assign the app. It successfully installs GlobalProtect but it then runs the uninstaller as well, removing GlobalProtect f

L2TP over IPSec PAN-OS 8.1.11

L2TP over PAN-OS 8.1.11 with
IPSec is supported in PAN-OS 8.1.11?

When I check the traffic log, the reason for session termination is "aged-out" and I am unable to make a VPN connection.

I have Virtual Wire set up, but I would like to know if anyo

Can we continue to check domain and antivirus if GP license expired

In Global Protect HIP check we have allowed only specific domain machine and specific antivirus. Firewall will continue to check domain and antivirus if Global Protect license is expired ?

Any impact if GP license expired ? Do we require to remove HI

GlobalProtect Silent Install

We are currently in the stages of switching over our equipment to palo alto. In preparation, we are installing the global protect app on all machines ahead of the migration. I've got a silent install setup, but once it completes, I get a connection f

OpenVPN support on Palo gateways?

Palo gateways have supported ipsec site to site vpn for a long time. Do they also support acting as an OpenVPN gateway? I dont mean openvpn passthrough to a backend. I mean actually being the Openvpn endpoint.