I recently upgraded from panos 9.1.13-h3 to 9.1.14 then SSL decryption stopped working, in the traffic monitor there wasn't any decryption error but when i excluded a PC the internet worked
and it seams other people are also having the same issue (Red
I created a new FQDN address object to facilitate a new Policy(rule).
When tested the FQDN resolves internal to the Palo Alto Firewall.
The rule contains one destination address which is the new company.fqdn.com FQDN
The rule contains one source addres
...
Issue:
PALO ALTO to AWS IPsec site to site VPN not able to established.
Situation
Since AWS will provide two VPN tunnel by default.
One of the VPN tunnel is established using the same public IP of PALO ALTO while the other VPN tunnel not able to establis
Hello, I am SE from Korea.
Is there have one admin console for SaaS secure API and inline?
I have both configured, but the console is different.(attached picture)
However, Palo Alto Korea said, 'console has been integrated in one'.
how can I
...
Hi guys,
We have a firewall that shows the free SWAP memory 0. Is this normal? It is a new installation and Genindex process seems to be normal. Here is the output of "show system resources":
I have a PA410. After upgrading the software recently, I found that the original monitoring log has reduced a lot of functions, and even the ACC function has been lost.
I checked the website information and found that this function was cancelled after
Hi there,
Does anyone know what does it mean generally for CVEs that cannot be found on Palo Alto Advisories?
Does it mean Palo Alto is not affected or the advisories has yet to update?
A few examples that cannot be found would be the following :
CVE-
...
Hello People ,
We have a situation where in a Site to Site IPSEC exists between Cisco ASA and PALO ALTO FW
The LAN segment of the Network is behind Cisco ASA . Infact all of the VLANS are in this LAN Segment which is Behind Cisco ASA .
The require
...
i am going to access PA firewall on the browser or Global protect its shows Your connection is not private (Privacy error) then I m clicking on proceed to unsafe then it's showing the main page. how to resolve this.
security certificate does not sp
Hi Guys, is it normal that Skype uses this u-meeting app-id every time user uses the screen sharing feature?
I tried to block this app-id and the screen sharing stops working.
Because I only allow app-ids listed on this article: https://knowledgebase.
Hello, i have question about PBF Using ECMP.
We have 3 ISP and using ECMP Setting with weight round robin and Symetric Return Settings
ISP A > 200
ISP B > 100
ISP C > 50
NAT we set like this
All User > ISP A
Using PBF for some IP Segment
Segment A to ISP
...
Without decryption server preferred order comes out as this.
And after enabling decryption it appears as
Looks like PA is doing it. Is there a way to manually control this order on PA
Hi Everyone,
I am unable to block the ".iso" & ".txt" file download with File Blocking Profile, I am able to block the rest of the files format.
same issue with HTTP and HTTPS traffic. I have enabled decryption for HTTPS traffic but still the same iss
...
What are the reasons we don't see transmit or drop in capture and traffic log shows traffic is allowed to/from correct zones, and tcp as age-out in logs. Packets only show in receive/firewall stage. Alos checking flow basic, I do not see the packet a
...
After several hours, I have been unable to find a way to inquire about our small company's website being tagged as Phishing. This is going to cost me a large contract with a city municipality. Do I have to buy Palo Alto services to get it removed?
S
...
OtakarKlier
on:
Basic question regarding policy
Astardzhiev
on:
Is A/P Throughput synchronized?
OtakarKlier
on:
How to correctly decrypt FTP (over TLS) traffic
Astardzhiev
on:
Many government sites are not opening on paloalto networks. Same is opening on outside network
