Palo-Alto FW 9.0.4 Hardening Steps

Hello Guys, 

Joined the community recently...!! Hope all you are good in health and doing great..!!

Here...I am looking for a recommended and basic hardening steps (not a complete book) along with commands line for GUI steps/process for Palo-Alto fir

Block Page not always displayed

Hi,

I have the problem that for some URLs I get a block Page and for other URLs I get the "Error secure connection failed" Message.

Both responses have the same session end reason: decrypt-cert-validation.

As this happens regarding SSL connections I us

97% speed decrease on SMB traffic (PANOS 8.1)

We're currently having some issues with ms-ds-smb (both v2 and v3) traffic on our PA-3020's (active/passive pair), where we are seeing a 97% speed decrease measured against direct traffic.

In order to determine the source of the issue, I have tried t

VLAN entry

Hi

I have a network with IP addresses in the range of 192.168.100 and 192.168.130 on two singular network cards on the same machine on the local network. Port 4 on the firewall is plugged into another device with the .130 range IP.   Port 1 on the fi

Update to 8.0.6 appears to have broken IPSec tunnel connections

Since our PA updated we've had a problem with one IPSec Tunnel not routing correctly. It appears to relate to just one Proxy ID but I've checked all and they're exactly the same as the PFSense box we're connecting to. Everything was fine until the up

can we import duplicate Ccommon name certificate of diffrent vendon?

We already using sectigo cert for gp gateway *.example.com. We have purchased same wildcard certificate from reddit.

Sectigo certficate is going to expire before that we want to test GP gateway on new certificate signed by reddit.

We will configure GP

Query on DH group for IPSEC VPN

NSX-T east-west traffic integration sizing question.

Hi,

I have a question about using palo alto for east west traffic inspection in an NSX-T environment. 

There are 2 deployment models in a service cluster and per host model.

https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-th

Palo Alto hardware without license limits

Yes, I already know without license i don't get the following but i want know about like VPN, firewall rules and etc.. limits

1. Security profiles (Anti-Virus, Anti-Spyware, URL Filtering, Wildfire) will not work

2. Clientless GlobalProtect, HIP will n

Custom BlackList

I have a custom blacklist and when i try to import text files with URL it fail

anybody know what problem is can be?

Global Protect - Split Tunnel not Disabled

I am having an issue with both windows and Mac clients.

I have enabled the no direct access to local subnets option but I am still able to browse to my local router and I am getting reports of users being able to access local printers.

currently the ac