SSL/TLS Client-Initiated Renegotiation Vulnerability in NGFW LAN Int

Hi, 

One of our runs vulnerability  Assessment on LAN Interface of the PA NGFW, And they are getting SSL/TLS Client-Initiated Renegotiation vulnerability, Please help me to remediate the same. 

Security Report

I would like to create and export a security report giving me a simple count on the number of times an attack was attempted.
The definition of an "attack" could range anywhere from a network discovery to a tentative of password brute-force, as many ve

How to apply security policy over more than 200k public IP? (EDL? API?,...)

Helo,

we have started a plan for a new project. I have created a picture, so you can see, what I acutally mean :).

User will via some customer portal setup a new broadband link. He will be able to choose if the broadband should be secured and by seve

Question about Global protect Pre-Logon Issue

Hi,

I configured GP pre-logon method, But it’s only working in administrator mode even though the user is part of administrator group, it’ not working for normal users.

I followed below KB article,

https://knowledgebase.paloaltonetworks.com/KCSArticle

No ICMP hitting Palo Interface but ICMP is allowed

I have a greenfield Palo with a fresh ISP.

Have confirmed from the Palo I can source from my interface and ping outbound to anywhere in the world.

Interface mgmt has been set to allow ICMP, I've left the allowed IP's blank and also set my specific IP,

VPN IPSEC secondary peer

Hello,

I have a vpn ipsec in production, now I have to add a secondary remote peer.

It's my first time I have to configure a 2nd peer.

If I understood well I can't simply add a seocndary peer to the VPN but I have to configure a new psec but the differe

5450 - Included cards in base bundle

It seems odd that the base bundle (PAN-PA-5450-AC-SYS) includes a NC and not a DPC.     

Can someone from Palo, or someone that has received a 5450, confirm that a DPC is *not* included and the base bundle (it will not function on its own)?

Global Protect "Certificate not intended for this purpose"

Below find  the  certificate KeyUsage

What is wrong with my certificate?

PA not responding to any incoming requests

I have a PA-220 (PANOS 9.1.8) running with a dynamic PPoE link to the ISP. I've tried everything! It does not respond to PING, SSH, HTTPS. I removed the firewall security profiles, zone protection, added the management profile. Looking at the pcap, t

PAN-OS 10.1.4-h4

Hello all,

We are looking to update PAN-OS to 10.1.4-h4 but wanted to ask if anyone had any issues after upgrading? 

I had 10.1.4 installed but it had bugs and had to roll back so I am a little bit leery to upgrade again.

Thank you,

Tom 

Global Protect 6.0 Client Windows Authentication

Since upgrading to the 6.0 client every hour, when the client does its config refresh interval, Windows defaults to the Global Protect password sign in option when unlocking the computers rather than what the users are normally using (PIN, Face, Fing

Interface Status in Suspended state

I have my production firewalls in HA active/passive mode. My question is if I have suspended the passive firewall, what would be the interface status, would it be down or showing up ? I do understand it will not be forwarding traffic but what would y

How to allow only X.509 related cert validation traffic from trust to Untrust