Hi all, I want to know, what device certificate is for and what it does? Thanks !!!
Hello,Currently, every server is behind trust zone, so I can't control traffic from trust user or server to server by FW. I have two options 1 attach server farm switch to edge firewall 2 deploy new FW in front of server farm switch Which is more common way and is there any better reason to chose 2nd option than 1st?
As of the pen test via SSL LAB i was observed that less secure ciphers like DES, RC4 were supported by global protect portal ,so that i have disable the all the weak cipher suite and it's successfully done but the when i disable CBC-256 Suite when i commit it got this error Please Suggest protocol-settings { min-version tls1-2; max-versio...
I have decryption turned ON for outlook.office365.com url but firewall cannot really inspect the contents that are inside the email. Is it because Microsoft encrypts the email and Palo doesn't know how to decrypt it? has anyone tried decrypting outlook email traffic and successfully log the data files inside them?
Today i've noticed a strange behaviour of HA pair of Pa820 (panos 8.1.6) in Active passive configuration.In the dashboard page i've noticed the running config not in sync with peer.So i checked the differences with the diff button and i discovered that master node want to replace its own ha settings on the slave node.And also the management ip!O...
Hi Everyone I have some problem for Captive Portal redirect.PAN-OS - 8.1SSL decryption - enableAuthentication - Active DirectoryIPs - 1000+-Platform - 3250 Series the problem is partial IPs cannot get captive portal page to authentication, but partial IPs success work at captive portal, we think maybe the loopback ip already been used at other ...
global-protect-client software need to remove from "currently activated" in short we dont need to see any activated global-protect-client software in NGFW.Tried to delete but unable to see delete software image i.e cross sign which has currently activated in NGFW, if i will download other version with activate then previous one is showing cross ...
i want to configure security policy based and want to allow access only by end user hostname...can we do that?
Hi, In the middle of POC testing accessing internal servers via RDP, using Clientless VPN and Guacamole. The Clientless VPN and Guacamole side are already set up and working fine. This is how I would like to see the POC working:1. External users connect to the Clientless VPN gateway.2. Enter their 2-Factor-Authentication details (I will be using...
Hi expert, I would like to allow just mail-server strict to the URL with service SMTP only it can use the URL-category ? or URL-filtering without the service such as HTTP,https,http-proxy Thank you
Hi Guys, I want to create the DOS profile for critical servers. I read that I can use classified type so connection count toward only one IP address.My question is can I add multiple servers IPs in same DOS Rule or I need to create multiple DOS rules. Also, I might need to tune threshold base on servers so is it better to create new DOS rule?If ...
I have an existing LAN with two data centers. The firewalls at each are not in a cluster, and have different internal/external connections and tunnels, so changing to active/active it not possible. They each have separate DMZ's right now.We need to build a new redundant DMZ.I've implemented static routes with next hop of none for my Public IP's ...
In case you missed it, the LIVEcommunity team has just introduced the LIVEcommunity Cyber Elite program. What is the Cyber Elite program you ask? This is a program that we have helped create to recognize the Expert members of the LIVEcommunity. We in the LIVEcommunity know that a community is only as good and strong as our members (and boy d...
We are standing up some new PA firewalls and have been testing with some HL7 servers. Testing has been going well until recently where "unknown-tcp" traffic gets denied. It seems that it only happens when the transfer of a specific file/message is being transferred. I spoke with our the HL7 Interface/Server guy and he shared this bit with me....
If I put a hard disk from a PAN3220 that failed, in a new PAN3220, what impact does the license have or is it only linked to the serial number of the Firewall
