HA1 encryption issues?

Hi

Random question but has anyone had any issues when enabling HA1 encryption?

I performed a BPA yesterday and noticed that we do not have HA1 encryption enabled. I looked into it and seemed like a very simple/quick win to do and after following step

Authentication Profile

SAML with RSA MFA authentication profile is getting synced on the HA active/passive firewall.  The issue is that each node needs it's own unique authentication profile.  As soon I change it on one node it sync's to the passive node.  Is there any way

BUG -106914

BUG -106914.

this is mentioned in 8.1.9 PAN OS as addressed issue.

  Please find the detail:

Fixed an issue on a firewall in a high availability (HA) active/passive configuration where HA1 and HA2 links stopped passing packets, which caused a split-brai

PA HA timers : Preemption Hold Time vs Promotion Hold Time

Hi!

What are the difference between in the Preemption Hold time and Promotion Hold time?

How to scan SFTP over SSH file transfers for virus or malware

Hi all,

I just set up SSH decryption, also known as SSH proxy on the palo alto.

When I look at the actual sessions, I do see a checked box near to decrypted, so according to me the decryption itself works.

I also got a warning about a man in the middle

Dates of dynamic updates only in Panorama, not firewall

Under General Information in Panorama, both the version numbers and dates for the installed dynamic updates are listed like this:

Application Version 8172-5560 (07/17/19)
Antivirus Version 3042-3552 (07/17/19)
WildFire Version 367098-369809 (07/17/19)

Unable to run minemeld over HTTP

I'm unable to run minemeld over HTTP. This is in a test environment and I do not have a cert at this time.I tried the suggestions on other forums with no success.

Prototype for FS-ISAC

I understand that Soltra is part of the existing 3rd party intelligence feed, just wondering has anyone created a prototype from FS-ISAC? THe portal address is https://portal.fsisac.com/

Understand from FS-ISAC, they uses Soltra as part of their in

# of rules vs simplicity

Hi all,

I'm currently reviewing our PA5250 security policy ruleset and I'm doubting the best way to handle it. We have about 800 rules and lots of those rules combine functions. For example a server is allowed to FTP to ip a.b.c.d and should be allow

How to write a script for backup of initial settings of Palo alto firewall

Hello everyone,

Please help me in writing a script for backup of initial settings of Palo alto firewall.

I am new in network security, requesting you to help me.

Br//

Ashutosh

BlueKeep HIP policy

I've created a HIP policy to filter GP users if they are missing the security patches for BlueKeep. However, with monthly roll-ups I have to go in and generate a new HIP object each month. 

We currently patch our Windows machines 30 days behind Micro

advertising a default-route to a single eBGP peer in the Palo Alto.

Folks,

we want to work on some specific BGP advertisements. Our aim is to propagate the deault-route to only on specific eBGP peer.

So far what we have already done is configured a static route redistribution profile. 

This is done under "Redistributio