General Topics

Resolved! *Urgent* SSH Protocol Version 1

Hi Peeps,

I got technical query regarding how to change SSH v1 to SSH v2 in PA firewall, Because one of our customer got an alert from VAPT tool like as follows,.

Description :- 

KPMG test team observed that the Secure Shell protocol version 1 suppor

Resolved! Data Filtering not sending to syslog

I've configured a data filtering profile and have been testing sending the data filtering detections to syslog, then to Sumologic. From what I've read, these detections are Threat Type, Data subtype in the logs. I have a log forwarding profile create

Resolved! Do websites get rescanned once flagged as Malicious?

We are starting to see valid websites showing up as malicious due to them being hacked or for some other reason. Once the site is cleaned up however, is it up to someone in the Palo Alto community to request a URL Category change manually, or is ther

Resolved! NAT, Routing and license requirements

Hello Bros,

                I have an unlicensed and out of support single paloalto 3220 appliance, and this device is not licensed now as we have upgraded to paloalto ha.

my question is I wanted to re-use this appliance for some network services such

Resolved! Authentication issue with Global Protect

We are having difficulty with our Active/Passive pair of PA_820’s where they are setup to allow auth to GlobalProtect based on AD group membership.

If we create a new OU in AD and move a user to the newly created AD OU whilst still having the same gro

Resolved! Welcome Page - Iframe

Hello,

we want to include a (external or internal) website via iframe in the welcome page. My test HTML site:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> 
<HTML>
<HEAD>
<TITLE>Pal

Resolved! Not able to ssh access Active after config on mgmt interface on Passive standby

We have a pair of PA-3220 running 9.1.6.  We made a config change on the passive and now not able to access the active firewall.

Config was added to passive host where we added ssh ciphers / mac /  host key to the mgmt interface.  After the change we

Resolved! Change speed/duplex on 10G SFP port for PA-5220

Hello,

Is it possible to hardcode speed/duplex for 10G SFP port on PA-5220 device? i am getting below error:

>set network interface ethernet ethernet1/5 link-speed 10000 link-duplex full 
Error: 
Server error : ethernet1/5 -> link-duplex 'full' is not

Resolved! IKE and IPsec Encryption and Authentication Parameters for Site-to-site IPsec VPN

I was configuring a Site-to-site IPsec VPN and I was having a hard time matching my Encryption and Authentication parameters. The remote end device is Huawei Eudemon 1000E and my local device is PA-800. I have finished the configuration both sides by