General Topics

Tests anti-malware signatures before releasing them to the public

I would imagine Palo Alto tests dynamic updates such as  Antivirus and Device-Dictonary signatures through a rigorous process before releasing them to the public.  Does anyone know where I can find that process?

LDAP

We plan to enable channel binding for LDAP on our domain controllers.  Since the firewalls use LDAP for querying AD information from the domain controllers, do we need to make any configurations to the firewalls to be compatible?

Captive portal auth with Client Certificate as first auth method and local auth as fallback

Hello team, 

To identify my users, I have used Captive Portal with ldap authentication profile.

Then I removed the ldap from the captive protal config and added a "Certificate profile", and it works well as well.

However, when I assign both an ldap pr

Rule has application any and port 3389 we see discard for application cotp

We have security policy to allow any application on port 3389.

I see users are able to connect to server on port 3389.

traffic log shows denied on application cotp.

my understanding is that if you have application as any it should cover all the applic

Accessing Mgmt Interface over IPSec

Hi Team,

Is it possible to connect to Mgmt interface over the IPSec tunnel from external interface?

Regards,

Sanjay S

Intrazone-default rule

Hello,

I would like some advice on Palo Alto's default intrazone-default rule.  Unless I have a drop any any above this rule I see IP's from all over the public internet hitting my Palo Alto and being accepted on the intrazone rule as the traffic is

PA restart with Internal packet path monitoring failure

We have a pair of 3220 in a cluster. Yesterday we upgraded to 10.2.9-h11 and today we faced a restart of the Active peer twice with this error:

Internal packet path monitoring failure, restarting dataplane

I could not find any bugs related to this

Max Tunnels for GlobalProtect

Can someone help me to understand the maximum number of concurrent connections possible with the GlobalProtect Clientless VPN solution? Preferably any documentation where this is specified would be great!

User's traffic not hitting correct security rule.

We're running into an issue where a rule that is meant to update anti-virus protection on port 443 is slipping through and being caught by a lower rule which denies any application and service. (Hardware: PA-5050, OS version : 8.1.6).

As far as the se

Firewall WAN Zoning configuration best pratice

Hi, If the customer environment have 3 different internet service provider. Should I got 3 different zoning or just configure 1 Zone for 3 different internet service provider.

transfer the vm panorama to the nutanix

Hello

Customers are using VM Panorama for VM-ware.

Sooner or later, however, the customer will replace the vm-ware with a nutanix.

VM Panorama version : 8.1.6

VM Mode : VMWare ESXi

1. Can I get an image of a VM Panorama in use and use it in Nutanix?

2. W

Activating Trial license to extend PaloAlto working environment

Hi, community

Does anyone has any experience Activating "Trial Licenses"?

If let's say our support for PA-FW ends in 10 days and we would like to extend working-period is it possible to use "Trial Licenses"?

I know we can use them only once, but we d

BPA for NGFW and Panorama

Hi Team,

Without Strata Cloud Manager access cant we do BPA?

Here in the below link we can do it for free is what it says.

https://docs.paloaltonetworks.com/strata-cloud-manager/aiops/best-practices-in-ngfw/on-demand-bpa-report

How to get access to

Port Hopping - Is it for defence or Attack ?

cryptographic secure erase with NIST 800-88 guidelines

Query:

We would like to know if PA firewalls have cryptographic secure erase that complies with NIST 800-88 guidelines.

Ref:

https://www.stellarinfo.co.in/bitraser/ppc/nist-compliant-data-erasure-software.php?gad_source=1&gclid=Cj0KCQjwsoe5BhDiAR