Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Ensuring a Safe and Secure Community: How You Can Help

 

Dear LIVEcommunity Members,

 

Ensuring a top-tier experience on LIVEcommunity and protecting our members’ safety and security is our top priority! To this end, we have implemented additional security measures to safeguard our vibrant global commun

...

safe-community_oct24.jpg
report-content.jpg
jforsythe by Community Team Member
  • 218 Views
  • 0 replies
  • 0 Likes

How to disable SSH weak algorithm supported

We used Nessus to run security scan on the PA-5220 we are trying out and it came back with the following medium vulnerability:

https://www.tenable.com/plugins/nessus/90317

The remote SSH server is configured to allow weak encryption algorithms or no al

...

cnarvasa by L0 Member
  • 58161 Views
  • 5 replies
  • 0 Likes

HA1 encryption issues?

Hi

 

Random question but has anyone had any issues when enabling HA1 encryption?

 

I performed a BPA yesterday and noticed that we do not have HA1 encryption enabled. I looked into it and seemed like a very simple/quick win to do and after following step

...

CRDF18 by L2 Linker
  • 3341 Views
  • 2 replies
  • 0 Likes

Authentication Profile

SAML with RSA MFA authentication profile is getting synced on the HA active/passive firewall.  The issue is that each node needs it's own unique authentication profile.  As soon I change it on one node it sync's to the passive node.  Is there any way

...

Shawverr by L3 Networker
  • 2546 Views
  • 2 replies
  • 0 Likes

BUG -106914

BUG -106914.

this is mentioned in 8.1.9 PAN OS as addressed issue.

  Please find the detail:

Fixed an issue on a firewall in a high availability (HA) active/passive configuration where HA1 and HA2 links stopped passing packets, which caused a split-brai

...

arun_sh by L1 Bithead
  • 3596 Views
  • 3 replies
  • 0 Likes

Resolved! GlobalProtect client config fail

We have GP license for a smaller 220. Idea is to have 220 in DMZ and allow users to connect internall or externally to connect to GP. 

The issue i am having is that when trying to connect internally i am getting not authorized message from the client.

...

image.png
image.png
raji_toor by L4 Transporter
  • 8549 Views
  • 1 replies
  • 1 Likes

Prototype for FS-ISAC

I understand that Soltra is part of the existing 3rd party intelligence feed, just wondering has anyone created a prototype from FS-ISAC? THe portal address is https://portal.fsisac.com/

 

Understand from FS-ISAC, they uses Soltra as part of their in

...

c_cong by L1 Bithead
  • 22137 Views
  • 27 replies
  • 0 Likes

Resolved! GlobalProtect VPN prelogon 2FA/MFA

Hello everyone,

 

I have a question for which I can't find any documentation to solve it.

Our security manager wants to increase security at the VPN prelogon.

Since version 9.0 PANOS, its possible to make a VPN prelogon with 2FA or SAML authentication. 

-

...

jk0neil by L0 Member
  • 6481 Views
  • 1 replies
  • 0 Likes

# of rules vs simplicity

Hi all,

 

I'm currently reviewing our PA5250 security policy ruleset and I'm doubting the best way to handle it. We have about 800 rules and lots of those rules combine functions. For example a server is allowed to FTP to ip a.b.c.d and should be allow

...

tomdevos by L0 Member
  • 4247 Views
  • 5 replies
  • 1 Likes

Resolved! Decryption certificate validation issue

Hi Guys,

 

I'm experiencing issue where one of the site is not accessible when the decryption profile is enable with no decryption for SSL forward proxy. After disabling the block untrusted issue I'm able to access the  site. 

 

I'm facing this issue in

...

  • 23615 Posts
  • 107 Subscriptions
Labels