General Topics

Cannot upgrade Minemeld

After reading PAN-SA-2019-00015– Cross Site Scripting (XSS) in MineMeld, I need to upgrade to version 0.9.62 but this is what I get:

ubuntu@sfovp-minemeld:~$ sudo /usr/sbin/minemeld-auto-update 
2019-06-28 16:45:57,709 INFO:0.9.11 Current status: 
20

SSL Inbound Decryption with a web proxy doing SSL Forward Proxy!

Hey girls/guys. My clients on the internal network, talk to a web proxy on the internet that performs SSL forway proxy. This traffic traverses the Palo Alto firewall - we would like the Palo Alto to see inside this traffic for threats,etc. Note: The

Looking for a keyword report

Hi Everyone,

I would like to create a report that sends me a email either straaight away or on a schedule, that when a user performs a search for a keyword i.e suicide I am alerted.

I workout how to create a report if the url contains a keyword, howev

packet size

Hi,

How the packet size  impact throughput .

Why do we require higher throughput when the packet size is small. 

How do we identify the packet size during the poc time ?

which service will be using the smaller packet size ?

Thanks

Internal Gateway not working

I'm trying to create an internal gateway to be able to capture User ID fully and start creating User ID based rules.  I created the dns records and put the gateway on a loopback interface on the firewall that is in the internal trusted zone.  I have

Authentication with LDAP server failed because received empty DN for user

Hello community,

I have an issue and maybe you know the reason. Here the situation:

Trying to create an authentication profile to authenticate with active directory but it´s not working.

When testing the profile with "test authentication ... " command

Recommended Version

Good Morning:

What is the recommended version for the Palo Alto 3050 series firewalls?  We are currently running 8.1.8

What are your thoughts on 9.0.2-h4?  Are there any problems with it, or should we more likely than not be good to go?

Custom URL Category and SSL Decryption

Hello all,

We have a custom URL category created to exclude sites from SSL decyption. We have the category set to no decrypt on the firewall but recently we encountered an issue where URLs that we add to the custom object were not getting categorized

Maximum number of OSPF routes supported in 3220 & 850 within single VR

What are the maximum number of OSFP routes in 3220 and 850 box regardless of PANOS. And maximum number of OSPF neighbours in both boxes.  

BGP sessions not exporting

Hi folks/

I'm trying to use BGP to synchronise routing across two ISPec tunnels to a Palo Alto HA cluster.

I have BGP connectivity established - the remote end is exporting the routes I want, and they're being seen (and managed correctly) by the Palo

Force BGP Peering over a certain interface/path

I have many paths through my network and my palo altos are choosing to peer iBGP with each other over the Northbound paths to the next level of of switches. I want them to use the links south bound to my datacenter core to peer BGP. They are peering

USER-ID and problems with runas /netonly in combination with MMC modules

Hello, 

as a safety measure i placed my workstation in a different vlan and from there i'm managing our network and servers which are located in the designated dedicated vlans. 

On the firewall we have a rule which makes it possible for our 'admin' a

PAN DB URL filtering issue.

Dear all,

One of my customer PAN DB License expired and we try to block all Youtube videos excluding some the vidoes links in Youtube. 

My query here is, whether if the device without a valid PAN DB Licence we will be able to acheive the above requir