General Topics

Performance Degradation for SSL Decryption

Hello,

The issues we are experiencing are with SSL decrypt. When this setting is enabled we are experiencing significantly degraded internet performance.

We understand that this would have an overhead but the current overhead makes it almost unusable.

error downloading version 10.1.1

When I tried to download the PA version 10.1.1 on my appliance, it sent me an error,

Dataplane spiking to 100% at the same time each morning

Yesterday at 8:37am and today my noticed the dateplane hit 100% for about 15 seconds(an eternity in network time) and dropped back to normal. 

Today I ran show running resource-monitoring that basically just show me it hit 100% yesterday and today but

SSL Decryption with iOS 13 Devices

We began testing of the iOS 13 beta last week on several test devices that are connected to our internal mobile device network.  This network passes traffic through the Palo with SSL decryption.  We are finding that iOS 13, even with our cert install

auto-tagging registration on remote user-id agent

Hello colleagues,

did someone manage to use dynamic tag registration on the remote user-id agent? I cannot find any explanation in documentation or community discussions. It is written in the manual that need to create a http profile

https://docs.palo

PA-3050 detected dns queries to malicious URL but all other anti-malware detected none

The Palo Alto device is saying that a workstation on the network is querying the DNS server for some malicious URLs for some of the dates and some of the time.

Full scan using McAfee VSE, Microsoft Safety Scanner, Malwarebytes, Spybot, said no malware

Advanced URL Filtering with PAN OS 8.1

Hello,

I recently noticed that URL Filtering licenses have been replaced by Advanced URL Filtering licenses.

The version of the box is PAN-OS 8.1.

My question is: Is it possible to use these new licenses with version 8.1, or do I need to upgrade to PAN

Allow Only Google-Chrome Update and Block all other google related pages

Hi Team,

The Google and Google related products/pages are completely restricted at our environment.

We only allow a specific destinations from our internal Application servers.

To remediate the vulnerability risks, we are in need of updating the google

can not able to download file after enable ssl decryption

Hi Team ..

We have enable ssl decryption then we could not able to download big file. 

Downloading starts and after some time it automatically in reach to pause state.

We disable SSL decryption then we could able to download file. 

Firewall side we did n

Password History

I am wondering if there is a way to clear password history. Due to audit requirements we need to have "Minimum Password Complexity" requirements including changing on first login and preventing Password Reuse.

I am having issues keeping an account sy

Will this configuration work?

I will configure 14 VLANs in total. I will connect all Firewall Interface to one of the L2 Switch and I will cascade the other L2 Switches with that L2 Switch. In this case, do we need Trunk? Please check if any problem with such configuration.

There

VPN Tunnel IPSEC L2L VPN NAT not acting as intended

I am Labbing up a configuration I am about to go live with in production but it is not acting as it should when trying to apply a NAT rule to a tunnel interface. When I apply individual rules to the vpn traffic as I would like it to act I am not gett

Appid ms-teams-audio-video vs ms-lync-audio

We're having both legacy lync users and Teams users in our network. But for the life of me: I don't seem to get hits on "ms-teams-audio-video" .

Is it because the data itself is not different enough so the contentid engine can't see the difference? Do