Resolved! can i use ssl decryption cert for web gui
we have ssl decryption enabled and using our own CA as Internal Root Certificate. For webgui we get cert warning can i use same cert for Web gui to PA?
we have ssl decryption enabled and using our own CA as Internal Root Certificate. For webgui we get cert warning can i use same cert for Web gui to PA?
There is this Microsoft Application autopilot with tons of urls and destination IP addresses. I have created the SSL decryption Rule on Top for no decryption for all those IP addresses. When i see traffic logs it shows decrypted when i see url logs it shows no decryption for those IP's.Is this by design? I never saw like this before?
Trying to ssh the active device from passive using HA1 IP address mparmar2@Lab-EOCDC-NGFW-1(passive)> ssh port 28 host [email protected]'s password:Permission denied, please try [email protected]'s password:Permission denied, please try [email protected]'s password: tried the login pw do not work.need to know what is pw f...
Hello, Using 3020 HA pair. We are currently having two issues regarding fail-over:Fail-over time from primary to secondary takes about two minutes. Fail-over back to the primary takes on average 10 minutes. This seems excessive for a production environment.Once failed-over from primary to secondary, our externally-facing websites become inaccess...
Does PA-800 Series support IPS & IDS?
Hi All, We were configuring different URL filtering profiles on PA 5250 firewalls for each environment. Since the requiremnet is one environment should access specific set of URL's and other should acccess another specific set of URL's. for example the PCI envirmnet should not access the URL's defined for the HIPPA environment. So, we are endin...
Hi! Been testing the product for a couple of weeks, and I really am impressed, but while the TAXII/STIX miners work well from HailATAXII, I'm trying to feed output from my aggregator into a TAXII output to push to other tools down the line that can ingest the indicators and match them up from what comes out of our internal malware analysis. (S...
Hello All, Having a problem getting a basic setup running feel I am missing something simple. - Fresh install of MM on AWS. Built using Ubuntu and the following link: https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-14-04/ta-p/98454 -Everything worked fine -Installed the O365 lists as this i...
Hi, I'm installing Minemeld behind a proxy server using the Ubuntu 14.04.05LTS image. The strange thing is that last week I've used exactly the same approach for demo purposes and Minemeld worked like a charm and got a 'Go' for it for production. This week, following the same approach the Minemeld instalation fails. I confirm that the VM has i...
Just started going through the new miners and looking over docs, we are not in production on our deployment for O365 yet. I understand there are app-Id's that would catch most of these, but I noticed that the URL Minemeld feed for the "any-any" version includes quite a few URLS....specifically including: www.dropbox.com www.youtube.com *.itun...
Besides the throughput, sessions, zones, address objects, decrypt sessions, does anyone have suggestions on noticeable differences between the 820 vs 850 for performance?
What did it mean in Active/Active· Session owner· Session setup
Hi folks, We have a PA200 that is in a remote branch location. It's connected via IPSec tunnel for management purposes.After we had to switch it out last year because of a recall, I found it useful to create an interface management profile with our specific HQ public IPs access to it, in order to login to it when the IPSec tunnel was not availa...
HI all This is likely to have been asked before, but a search of the Live! forums didn't turn up anything relevantAs part of security best practices in my organisation, I'm looking to enable 2FA (via DUO) on the admin web interface I have the instructions for adding 2FA to user browsing via Captive Portal, and for adding 2FA to GlobalProtect con...
Hello I am curious if there is a way to block hardcoded IP's containing applications? So I would allow downloads when there is a domain name but not allow the download when it is a IP. Example: http://x.x.x.x/filename.exe
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 2 |

