General Topics

LDAP-SSL implementation

We want enable LDAP-SSL and i have checked the require SSL/TLS setting in the LDAP profile. I don't see any TCP/636/SSL traffic to the DC from firewall. I only see TCP/389/LDAP traffic, what i am missing.

MAC Address Table learned by Palo Alto

Hi ,

Is there a way we can view the MAC addresses learned by Palo Alto, I am not talking about ARP. 

So in Juniper/Cisco Layer 2 Switches you can see what mac addresses are learned on the mac address table Can we do that same in Palo Alto?

Thanks

Minemeld crash once in a while

HI,

My Minemeld is running in a docker container. It consumes memory as much as possible.  Now the server is configured with 32 GB memory, still 100% usage by Minemeld. It crashes every a couple of days. The requested url for feed gets internal error.

font blocking

Hello,

I'd like to block users from downloading any OpenType (.otf) and TrueType (.ttf) fonts. Is there any way to block them?

Password Profiles complexity

I would like to set up a Password Profile with all attributes at zero, can this generate an account lock or would I have no problems?

regards

Active - Active firewall deployment across two data centers

Hi All, 

We are exploring the firewall deployment options for one of our customers who have a requirement to stretch few VLANs across 2 data centers most probably using VXLAN/EVPN. The options currently being explored are:

1. Active-Standby firewalls

Export dumps file for SLR in a multi-vsys NGFW

Hi community, I realised when i'm exporting the dump file by CLI, it takes so much time in a multi-vsys system but not for a single vsys, what is the reason for this?, there is a way to accelerate this proccess?, Regards.

Dual ingress ISP setup vs Juniper SRX

Hi,

   there is a fundamental difference between Juniper SRX and Palo Alto Firewalls regarding how reverse route look up occurs

for a session. With Juniper SRX, if I have two ingress traffic via two different ISPs, I can put each into its own routing i

BGP Peer with ISP

Hi 

I need some guidance on setting up BGP peer with my ISP, this is a new connection.  I have external interface setup and I can ping to next hop and route to public internet.  I need to advertise the /24 block network that my ISP assigned me.  This

Certificate vulnerable *Urgent*

Applying QoS for WebEx behind PA FW

Hello,

I have a WebEx Server hosted behind a PA FW. I need to apply QoS for it. Currently, I have a NAT in place to NAT the WebEx Public IP to the Server Private IP, Destination NAT is applied. Is it applicable to apply QoS for such traffic? I need t