This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4111 Views
  • 0 replies
  • 0 Likes

How to disable SSH weak algorithm supported

We used Nessus to run security scan on the PA-5220 we are trying out and it came back with the following medium vulnerability:https://www.tenable.com/plugins/nessus/90317The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all.Nessus has detected that the remote SSH server is configured to use the Arcfour st...

cnarvasa by L0 Member
  • 60857 Views
  • 5 replies
  • 0 Likes

Do I need SSL decryption to turned ON for Wildfire deployment ?

Can Wildfire engine detect & identify zero day or known threat if SSL decrption feature is off in Palo Alto firewall ? WildFire can discover zero-day malware in web traffic (HTTP/HTTPS), email protocols (SMTP, IMAP, and POP), and FTP traffic and can quickly generate signatures to identify and protect against future infections from the malwar...

PS007 by L2 Linker
  • 8066 Views
  • 4 replies
  • 0 Likes

HA1 encryption issues?

Hi Random question but has anyone had any issues when enabling HA1 encryption? I performed a BPA yesterday and noticed that we do not have HA1 encryption enabled. I looked into it and seemed like a very simple/quick win to do and after following step 6 from here and commiting the change HA1 goes down.The firewall stays up and operational just th...

CRDF18 by L2 Linker
  • 4228 Views
  • 2 replies
  • 0 Likes

Authentication Profile

SAML with RSA MFA authentication profile is getting synced on the HA active/passive firewall. The issue is that each node needs it's own unique authentication profile. As soon I change it on one node it sync's to the passive node. Is there any way to not have the authentication profile sync?

Shawverr by L3 Networker
  • 3120 Views
  • 2 replies
  • 0 Likes

BUG -106914

BUG -106914.this is mentioned in 8.1.9 PAN OS as addressed issue. Please find the detail:Fixed an issue on a firewall in a high availability (HA) active/passive configuration where HA1 and HA2 links stopped passing packets, which caused a split-brain condition after an automatic configuration sync. I need information if this is related to any p...

arun_sh by L1 Bithead
  • 7430 Views
  • 3 replies
  • 0 Likes

Dates of dynamic updates only in Panorama, not firewall

Under General Information in Panorama, both the version numbers and dates for the installed dynamic updates are listed like this: Application Version 8172-5560 (07/17/19)Antivirus Version 3042-3552 (07/17/19)WildFire Version 367098-369809 (07/17/19) But when I logon to one of the firewalls (or change context in Panorama) only the version numbers...

Resolved! GlobalProtect client config fail

We have GP license for a smaller 220. Idea is to have 220 in DMZ and allow users to connect internall or externally to connect to GP. The issue i am having is that when trying to connect internally i am getting not authorized message from the client. It is an on-eman confiuration and i know the account works as i am using same ldap profile to lo...

image.png
image.png
raji_toor by L4 Transporter
  • 9212 Views
  • 1 replies
  • 1 Likes

Prototype for FS-ISAC

I understand that Soltra is part of the existing 3rd party intelligence feed, just wondering has anyone created a prototype from FS-ISAC? THe portal address is https://portal.fsisac.com/ Understand from FS-ISAC, they uses Soltra as part of their intel too, is FS-ISAC intelligence pool as subset of Soltra?

c_cong by L1 Bithead
  • 27983 Views
  • 27 replies
  • 0 Likes

Resolved! GlobalProtect VPN prelogon 2FA/MFA

Hello everyone, I have a question for which I can't find any documentation to solve it.Our security manager wants to increase security at the VPN prelogon.Since version 9.0 PANOS, its possible to make a VPN prelogon with 2FA or SAML authentication. -> GlobalProtect Prelogon PANOS 9.0 Is it possible that the 2FA/SAML authentication phase wil...

jk0neil by L0 Member
  • 7332 Views
  • 1 replies
  • 0 Likes

# of rules vs simplicity

Hi all, I'm currently reviewing our PA5250 security policy ruleset and I'm doubting the best way to handle it. We have about 800 rules and lots of those rules combine functions. For example a server is allowed to FTP to ip a.b.c.d and should be allowed to ssl to ip w.x.y.z. At the moment this is combined in one rule which means that servers is a...

tomdevos by L0 Member
  • 5349 Views
  • 5 replies
  • 1 Likes

Resolved! Decryption certificate validation issue

Hi Guys, I'm experiencing issue where one of the site is not accessible when the decryption profile is enable with no decryption for SSL forward proxy. After disabling the block untrusted issue I'm able to access the site. I'm facing this issue in PA 850 Platform PANOS 8.1.8. We have upgraded the PANOS from 8.1.7 to 8.1.8.Also would like to ad...

BlueKeep HIP policy

I've created a HIP policy to filter GP users if they are missing the security patches for BlueKeep. However, with monthly roll-ups I have to go in and generate a new HIP object each month. We currently patch our Windows machines 30 days behind Microsoft's rotation (with exception to some security patches) so I can't just do a carpet check for a...

  • 24332 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks