General Topics

Resolved! does panorama gets local config from firewall

On one of education videos it says that in background panorma talks to firewall every 90 mins or so and pulls whole config

from palo alto(local config on palo alto and global config pushed via panorama?

Need to confirm if we have local config on palo

Resolved! PA not installing antivirus automatically

On Active PAssive PA both devices are configured to download and install the antivirus every hour.

Today PAssive PA installed the software but on Active it only downloaded the antivirus update.

I need to manually install the antivirus on the active PA

Resolved! Single packet threat pcap and disk space alert

I have enabled threat signature to capture single file only.

but from last 3 days i see so many same threat logs with pcap done.

i got email today of disk space alert

i checked disk space

show system disk-space

Filesystem Size Used Avail Use% Mounted

Resolved! losing panorama config pushed to firewall

wondering if we have pushed all the config from panorama to pa.

PA has all the global  security polices.

what will happen  if we lose that panorama device like hardware failure?

or if we delete all the config from panorama and give it reboot?

Resolved! ssl decryption and policy deny

I have configured ssl decryption and rule is there to allow the traffic 

IT is hitting the right rule but policy says denied?

what can be reason for this?

Resolved! session offfload and flow basic

When we do session offload then PCAP can not capture the session offload traffic .

if i am also doing flow basic on that then flow basic will not be impacted by session offload?

Regards

Mike

Resolved! Wildfire appliance on a darknet

I have recently been given the responsibility of installing and managing a previously purchased WF-500.  It was purchased for an environment that is completely disconnected from the Internet, totally dark.  My question is - is there a way to manually

Resolved! ssl-decrypt exclude-cache ---SSL_CLIENT_CERT

when i run below command 

show system setting ssl-decrypt exclude-cache

VSYS SERVER APP TIMEOUT REASON DECRYPTED_APP PROFILE EXCLUSION_LIST_MATCH

13.71.172.130:443 ssl 42077 SSL_CLIENT_CERT undecided default No

does this mean that PA can not decrypt

Resolved! Decryption Profile ----No decryption

i am using default  decryption profile.

Under tab  no decryption i see below

block sessions with expired certs

need to understand when does this setting is used when i am doing the ssl decryption or not doing ssl decryption?

 also does it only apply

Resolved! LDAP over IPsec?

Hello.

I'm trying to configure UserID via our domain controllers in AWS.

The setup:

We have an HA PA-820 pair on-prem connected to our domain in AWS via a redundant IPsec tunnel.  Traffic is passing between LAN and IPsec zones; on-prem workstations ca