General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
General Topics

Forum Posts

Now Open: Papers for the Ignite'21 Conference

Hi everyone, I wanted to let you all know that Palo Alto Networks is now accepting Papers for the Ignite'21 Conference! Palo Alto Networks is looking for speakers and presenters with highly technical backgrounds who can share their experience and exp...

jdelio by Community Team Member
  • 303 Views
  • 1 replies
  • 1 Likes

Resolved! GlobalProtect, Working from Home, Prisma Access and Covid-19

To all, Just wanted to post a message about the Hot Topic right now, which is Covid-19. With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, a...

jdelio by Community Team Member
  • 21078 Views
  • 43 replies
  • 32 Likes

HA1 encryption issues?

Hi Random question but has anyone had any issues when enabling HA1 encryption? I performed a BPA yesterday and noticed that we do not have HA1 encryption enabled. I looked into it and seemed like a very simple/quick win to do and after following step...

CRDF18 by L2 Linker
  • 1391 Views
  • 2 replies
  • 0 Likes

Authentication Profile

SAML with RSA MFA authentication profile is getting synced on the HA active/passive firewall. The issue is that each node needs it's own unique authentication profile. As soon I change it on one node it sync's to the passive node. Is there any way to...

Shawverr by L3 Networker
  • 998 Views
  • 2 replies
  • 0 Likes

BUG -106914

BUG -106914.this is mentioned in 8.1.9 PAN OS as addressed issue. Please find the detail:Fixed an issue on a firewall in a high availability (HA) active/passive configuration where HA1 and HA2 links stopped passing packets, which caused a split-brain...

arun_sh by L1 Bithead
  • 1445 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect client config fail

We have GP license for a smaller 220. Idea is to have 220 in DMZ and allow users to connect internall or externally to connect to GP. The issue i am having is that when trying to connect internally i am getting not authorized message from the client....

image.png
image.png
raji_toor by L4 Transporter
  • 6405 Views
  • 1 replies
  • 1 Likes

Resolved! GlobalProtect VPN prelogon 2FA/MFA

Hello everyone, I have a question for which I can't find any documentation to solve it.Our security manager wants to increase security at the VPN prelogon.Since version 9.0 PANOS, its possible to make a VPN prelogon with 2FA or SAML authentication. -...

jk0neil by L0 Member
  • 3469 Views
  • 1 replies
  • 0 Likes

# of rules vs simplicity

Hi all, I'm currently reviewing our PA5250 security policy ruleset and I'm doubting the best way to handle it. We have about 800 rules and lots of those rules combine functions. For example a server is allowed to FTP to ip a.b.c.d and should be allow...

Resolved! Decryption certificate validation issue

Hi Guys, I'm experiencing issue where one of the site is not accessible when the decryption profile is enable with no decryption for SSL forward proxy. After disabling the block untrusted issue I'm able to access the site. I'm facing this issue in PA...

BlueKeep HIP policy

I've created a HIP policy to filter GP users if they are missing the security patches for BlueKeep. However, with monthly roll-ups I have to go in and generate a new HIP object each month. We currently patch our Windows machines 30 days behind Micros...

SPI Value in phase 2

I wanted to know that I could see the SPI value in the wireshark in site to site policy based VPN. So basically in base two there are two SPI value inbound and outbound, so if the attacker is capturing my traffic then he'd able to see my SPI value. t...

Top Liked Authors