Disable Cipher Suite

As of the pen test via SSL LAB  i was observed that less secure ciphers like DES, RC4 were supported by global protect portal ,so that i have disable the all the weak cipher suite and it's successfully done but the when i disable CBC-256 Suite when i

How to inspect email contents within outlook.office365.com?

I have decryption turned ON for outlook.office365.com url but firewall cannot really inspect the contents that are inside the email. Is it because Microsoft encrypts the email and Palo doesn't know how to decrypt it? has anyone tried decrypting outlo

Strange behaviour of HA pair active passive

Today i've noticed a strange behaviour of HA pair of Pa820 (panos 8.1.6) in Active passive configuration.

In the dashboard page i've noticed the running config not in sync with peer.

So i checked the differences with the diff button and i discovered th

PAN-OS 8.1 Partial IPs Captive Portal redirect not working

Hi Everyone

I have some problem for Captive Portal redirect.

PAN-OS - 8.1

SSL decryption - enable

Authentication - Active Directory

IPs - 1000+-

Platform - 3250 Series 

the problem is partial IPs cannot get captive portal page to authentication, but parti

Dashboard we don't want to see global protect client version

global-protect-client software need to remove from "currently activated" in short we dont need to see any activated global-protect-client software in NGFW.
Tried to delete but unable to see delete software image i.e cross sign which has currently acti

Policy Configuration hostname

i want to configure security policy based and want to allow access only by end user hostname...can we do that?

Clientless VPN and bypassing the Guacamole admin login page

Hi,

In the middle of POC testing accessing internal servers via RDP, using Clientless VPN and Guacamole. The Clientless VPN and Guacamole side are already set up and working fine.

This is how I would like to see the POC working:

1. External users conn

External BGP Static Route Advertisement, with Path Monitoring an inside net

I have an existing LAN with two data centers. The firewalls at each are not in a cluster, and have different internal/external connections and tunnels, so changing to active/active it not possible. They each have separate DMZ's right now.
We need to b

Have you heard of the Cyber Elite?

In case you missed it, the LIVEcommunity team has just introduced the LIVEcommunity Cyber Elite program.

What is the Cyber Elite program you ask? 

This is a program that we have helped create to recognize the Expert members of the LIVEcommunity. 

HL7 Traffic / Unknown-TCP traffic gets denied.

We are standing up some new PA firewalls and have been testing with some HL7 servers.  Testing has been going well until recently where "unknown-tcp" traffic gets denied.  It seems that it only happens when the transfer of a specific file/message is

Scope of the licence pan 3220 is linked to the serial number ?

If I put a hard disk from a PAN3220 that failed, in a new PAN3220, what impact does the license have or is it only linked to the serial number of the Firewall

Primary and Secondary SSL VPN global protect

One question that comes in my mind, can we use fallback URL or IP in Global Protect client? Like in Cisco AnyConnect, if the primary VPN Server or internet source is down then client connect with the secondary internet source automatically.