General Topics

Block Psiphon App

Hi,

Is there any way to block this psiphon app? is it needed ssldecrypt?

This app uses many apps (ike,ssh,ssl) so we can not block them. How do you block this app psiphon?

Dns Sinkhole Adoption Rate fell to 77% from 100%

I'm trying to figure out wh my Dns Sinkhole Adoption Rate fell to 77% from 100% over the past six months.  Every security policy is using the same anti-spyware policy.  Any ideas?

Find disabled administrator accounts

Across a large environment, what would be the best way to audit Palo administrator accounts?  That is accounts found at Device > Administrators.

For various reasons we all end up with lots of AD accounts, service accounts and so on there, what I'd li

Ping log with 0 bytes sent

Hi Guys,

I noticed some strange logs on one of our 5200 firewalls.

There is device behind the firewall that is running constant ping to google dns, traffic is allowed and working normally.

I noticed a some logs that bytes sent is zero... I can explain

Deny PSiphon

Split Minemeld Feed

Is there a way to split a large output feed into smaller feeds.

Multicast, who accessed??

I have tested multicast to be working and is configured as in this diagram. In the logs I see traffic from SERVER zone to Multicast zone. But there is no log on INTERNAL client that accessed the multicast stream.

Cisco CAPWAP AP stuck in Discovery

Hi All,

Has anyone had problems with CAPWAP AP's separated from the WLC by a PA-220 firewall get stuck in a DISCOVERY OperationState?

>show capwap client rcb
AdminState : ADMIN_ENABLED
OperationState : DISCOVERY
Name : ***
SwVer : 8.5.151.0
HwVer : 1.0.0.

NPTv6 seems bugged (PAN-OS 9.1.9)

Hi,

we're running into an issue with IPv6 NPTv6 which we use to route traffic through IPS on PA.

The address isn't translated as expected.

We tried NPTv6 in 2 configurations, both translate the same. We either used:

xxxx:xxxx:xxxx:ffe0::/60 -> xxxx:xxxx:

Knowledge sharing: Palo Alto checking for drops (rejects ,discards), slowness (latency) and counters using captures, global counters, flow basic etc.

Hello To All,

I will create a short summary about how to do basic checks if the palo alto drops or slows down the traffic.

1. First the pcap capture on the drop stage will show if the firewall drops the traffic and after that we check why the firew

User-ID not populating after Microsoft patching - Warning

Hello All,

Just wanted to post this in case anyone else ran into it. Microsoft release patches as they normally do, however there is one that might break user-id, June 8, 2021—KB5003671 (Monthly Rollup). There is a warning in the notes: 

After inst

Using Authentication Policy and GlobalProtect with AAD SAML to prompt MFA authentication for Admin access to resources

We have new requirements to require MFA for administrative access to just about everything and have to put into place in very short order.

“In addition to remote access, multi-factor authentication is required for the following, including such access

Split Tunnel Routing Config Help

Looking for some help on split tunneling.

We are on PAN os 9.1.9 GP client 5.26, for our LAN we also use Cisco Umbrella to block sites.

What I want to do is when GlobalProtect connects I want all LAN traffic going through the VPN traffic, and all Inter