SAML with RSA MFA authentication profile is getting synced on the HA active/passive firewall. The issue is that each node needs it's own unique authentication profile. As soon I change it on one node it sync's to the passive node. Is there any way
...
BUG -106914.
this is mentioned in 8.1.9 PAN OS as addressed issue.
Please find the detail:
Fixed an issue on a firewall in a high availability (HA) active/passive configuration where HA1 and HA2 links stopped passing packets, which caused a split-brai
...
Hi!
What are the difference between in the Preemption Hold time and Promotion Hold time?
Under General Information in Panorama, both the version numbers and dates for the installed dynamic updates are listed like this:
Application Version 8172-5560 (07/17/19)
Antivirus Version 3042-3552 (07/17/19)
WildFire Version 367098-369809 (07/17/19)
...
We have GP license for a smaller 220. Idea is to have 220 in DMZ and allow users to connect internall or externally to connect to GP.
The issue i am having is that when trying to connect internally i am getting not authorized message from the client.
...
I'm unable to run minemeld over HTTP. This is in a test environment and I do not have a cert at this time.I tried the suggestions on other forums with no success.
I understand that Soltra is part of the existing 3rd party intelligence feed, just wondering has anyone created a prototype from FS-ISAC? THe portal address is https://portal.fsisac.com/
Understand from FS-ISAC, they uses Soltra as part of their in
...
Hello everyone,
I have a question for which I can't find any documentation to solve it.
Our security manager wants to increase security at the VPN prelogon.
Since version 9.0 PANOS, its possible to make a VPN prelogon with 2FA or SAML authentication.
-
...
Hi all,
I'm currently reviewing our PA5250 security policy ruleset and I'm doubting the best way to handle it. We have about 800 rules and lots of those rules combine functions. For example a server is allowed to FTP to ip a.b.c.d and should be allow
...
Hello everyone,
Please help me in writing a script for backup of initial settings of Palo alto firewall.
I am new in network security, requesting you to help me.
Br//
Ashutosh
Hi Guys,
I'm experiencing issue where one of the site is not accessible when the decryption profile is enable with no decryption for SSL forward proxy. After disabling the block untrusted issue I'm able to access the site.
I'm facing this issue in
...
I've created a HIP policy to filter GP users if they are missing the security patches for BlueKeep. However, with monthly roll-ups I have to go in and generate a new HIP object each month.
We currently patch our Windows machines 30 days behind Micro
...
Folks,
we want to work on some specific BGP advertisements. Our aim is to propagate the deault-route to only on specific eBGP peer.
So far what we have already done is configured a static route redistribution profile.
This is done under "Redistributio
...
I wanted to know that I could see the SPI value in the wireshark in site to site policy based VPN.
So basically in base two there are two SPI value inbound and outbound, so if the attacker is capturing my traffic then he'd able to see my SPI value. t
...
We have
The company want that all people accessing from GLOBAL PROTECT vpn CLIENT use the two-factor autentication. We have released an U2F USB security usb key for the email.
Does PaloAltoNetork support an external Two-Factor Autentication for the V
...
reaper
on:
What does ch mean in PA-VM-OS Software?
OtakarKlier
on:
PCNSE Bootcamp
