SSL Inbound // decrypt-unsuppot-pram

What can i do here..Is it something we have to fix on server side or firewall.

Not Working, Block sessions with unsupported cipher suites, Selected.

Protocols allowed min SSL3.0 to MAX

Working, with Block sessions with unsupported cipher suites, Un-s

Session Keep Alive packet size

 Good Afternoon Community!

I believe there is a minimum packet size for an application keep-alive packet for Palo Alto to register a session match. I am just having a hard time finding that documentation.

Does anyone know and could share or am I mist

Path Monitoring for Auto Fail over between 2 ISP but it is not working

I recently configured Path Monitoring for Auto Fail-over between 2 ISP but it is not working. Primary route is not removing from the routing table even when destination IP is unreachable

ISP-1: x.x.x.x

ISP-2: x.x.x.x

I have configured both interface on

Multiple MFA vendors at the same time

Good morning,

We are currently using Symantec VIP for MFA with our PA. Management would like to move to Okta and would like to know if both can be used at the same time? 

Thanks,

Steve

Block Dynamic Domain from Security Rulebase

Already the specified Malicious URL getting a block from URL Filtering and detected in Threat Prevention with action.

it’s a dynamic FQDN/IP that has to block from the security rule base too, but the does not want to add each IP to block as he receive

Passing original IP information for source NAT translated traffic

I don't know the feasibility of this on the PAN. I've seen this done by means of custom scripts on load balancers. But, I thought it might be better to ask here since there are always more than one person with the same issue.

The current situation:

• I

Address monitor and remove from address group

Hi Community,

Customer is performing session distribution using destination NAT. They have three server nodes so they put them together in one address group and called that group in destination NAT session distribution.

it is working fine. But they w

Bricking a firewall?

Ok, I am not surprised in life that an upgrade can go wrong.  Happens on many different technologies.  But I recently had my over $60k PA5220 firewall brick going from 17.x to 18.x.  And that was after getting advice from PA support before doing the

Not able to comunicate with paloalto eth 1/2 interface

Hi Guys

I have come here with lot of hope , I am doing my masters project and for that purpose my topology .My goal here is to show how paloalto can block the threats with its inbuilt IDS IPS ,url filtering , block traffic etc but right now I am faci

Aggregation of ethernet on PA-4050 with Cisco switch

Hi,

I am trying to get an aggregation link up between a Cisco and PA-4050 switch (v3.1.2). I have two link in the group and have configured L3 sub interfaces to seperate VLANs. I am able to send traffic across these links but they are clearly not func

Palo Alto Zone Primer

Hi All!

I've recently been creating video guides on Palo Alto Topics. This time I've started on zones.

This includes why we use zones, how they help, and some advanced features that PA have (zone protection profile and packet buffer profile).

If you'r

PAN-OS 8.0.5 sending continuous delete and create for IPSec SA

PA is sending continuous delete create every 3 seconds. It can be seen from the PA logs that SPI 0xAFD67238/0xC436E70E created at time 2020-06-13 05:50:55.230 and PA became responder for established child SA. For some strange reason PA again triggers

DNS Resolution