Device certificate

Hi all,

     I want to know, what device certificate is for and what it does?

Thanks !!!

"source user" empty in monitor log

I'm looking at an old version 7 PA3000 which uses a user-id agent to map users (active directory) to IP addresses.

When i log onto the firewall CLI  a "show user ip-user-mapping-mp all" command returns what looks to be a valid list of user mappings. 

Miner is polling continually but there are not events loaded

Hello everyone!

We have a miner pointing to a MISP. When it starts we load all events, after a while, we don't get any new IOC and the miner keeps pulling. A pulling_timeout is configured to 1800 but it seems not working well, we need to restart en

Disable Cipher Suite

As of the pen test via SSL LAB  i was observed that less secure ciphers like DES, RC4 were supported by global protect portal ,so that i have disable the all the weak cipher suite and it's successfully done but the when i disable CBC-256 Suite when i

How to inspect email contents within outlook.office365.com?

I have decryption turned ON for outlook.office365.com url but firewall cannot really inspect the contents that are inside the email. Is it because Microsoft encrypts the email and Palo doesn't know how to decrypt it? has anyone tried decrypting outlo

Strange behaviour of HA pair active passive

Today i've noticed a strange behaviour of HA pair of Pa820 (panos 8.1.6) in Active passive configuration.

In the dashboard page i've noticed the running config not in sync with peer.

So i checked the differences with the diff button and i discovered th

PAN-OS 8.1 Partial IPs Captive Portal redirect not working

Hi Everyone

I have some problem for Captive Portal redirect.

PAN-OS - 8.1

SSL decryption - enable

Authentication - Active Directory

IPs - 1000+-

Platform - 3250 Series 

the problem is partial IPs cannot get captive portal page to authentication, but parti

Dashboard we don't want to see global protect client version

global-protect-client software need to remove from "currently activated" in short we dont need to see any activated global-protect-client software in NGFW.
Tried to delete but unable to see delete software image i.e cross sign which has currently acti

Policy Configuration hostname

i want to configure security policy based and want to allow access only by end user hostname...can we do that?

Clientless VPN and bypassing the Guacamole admin login page

Hi,

In the middle of POC testing accessing internal servers via RDP, using Clientless VPN and Guacamole. The Clientless VPN and Guacamole side are already set up and working fine.

This is how I would like to see the POC working:

1. External users conn

External BGP Static Route Advertisement, with Path Monitoring an inside net

I have an existing LAN with two data centers. The firewalls at each are not in a cluster, and have different internal/external connections and tunnels, so changing to active/active it not possible. They each have separate DMZ's right now.
We need to b

Have you heard of the Cyber Elite?

In case you missed it, the LIVEcommunity team has just introduced the LIVEcommunity Cyber Elite program.

What is the Cyber Elite program you ask? 

This is a program that we have helped create to recognize the Expert members of the LIVEcommunity.