General Topics

Excessively long useragent

I don't think the following bot useragent is acceptable:

Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from

...

Starting with Palo Alto Networks - What I wish I had known...

Beginnings are not always perfect. Whether you started your Palo Alto Networks journey years ago or just recently, tell us what you learned early on that you wish you had known before.

If there was one thing, or maybe more, Live Community users w

...

Just getting started, looking for "mentor-like advice"

Hello all--
I'm a long time data person. I'm very good with native SQL, MS Access, MySQL, Tableau, PowerBI, R, and a novice with D3.

So I understand how to use data very well.

I have done some training in Network Technology and definitely understand

...

Resolved! About address object with FQDN and apply it to security policy.

If I have a FQDN "abc.com" that have two DNS records 10.0.0.1 and 10.0.0.2.

Then I create a address object with FQDN type, and the value is "abc.com"

When I use this object into security policy, how does it working? Does it become 10.0.0.1 or 10.0.0.2

...

Block scanning from shodan

Hello,

Anyone have successfully block scanning from shodan.io? www.shodan.io ?

It looks like Checkpoint has written specific signature to block shodan scanning, http://blog.checkpoint.com/2016/01/04/check-point-threat-alert-shodan/

-E

Best config to speed up HA failover

During the last PAN OS upgrade we had to failover between two firewalls in HA configuration. The failover time takes unusually amount of time during which the Internet access was unavailable. It took approximately 10-15 lost pings (to internet host)

...

Resolved! What cloud services are affected by CVE-2020-1982?

Dear Team,

When checking CVE-2020-1982 in Palo Alto Networks Security Advisories, we found the following text:

> These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure.
URL : https://security

...

Resolved! capturing ssl decrypted traffic

Hello group,

as I'm thinking that someone is doing nasty things in the SSL-traffic, I thought of decrypting the ssl, capture the decrypted packets and put the into wireshark to look at it.

Only I could not find a way of explicit tell the PA to capture

...

Resolved! Panorama plugin log(AWS&K8S) delay

Dear Team,

I linked Panorama to the VM firewall.

Of course, the Timezone was set the same for both devices. (asia/seoul)

However, if I check the plugin log (AWS&K8S) in real time on Panorama, I will only see logs from about 4 hours earlier than t

...

Resolved! Palo Alto PA-5220 - Data-plane traffic stops intermittently for 20-30 min

We have a PA-5220 which seems traffic through data-plane stops intermittently for 20-30 min comes back up by itself.

The issue does not affect our management access as we are using the dedicated management interface which from what I understand it ha

...

Millennium (mp)# について

はじめまして。

勉強用にpa820を購入しました

Millennium (mp)# と出てきたのですが、イメージの破損でしょうか？

どなたか解決方法を教えていただきたいです。

よろしくお願いします。

How to configure Local Server for IPSEC Tunnel

We have created the IPsec tunnel and need to configure local servers .Kinldy help on this request.

No Logs for DMZ zone

We have created a NAT policy to access the Server in the DMZ zone, we can able to successfully connect to the server from public network. But, we cannot see the traffic logs for the same.

Resolved! How to configure gre over ipsec？

Hello

For example, some implementations require multicast traffic to be encapsulated before IPSec encrypts it. If this is a requirement for your environment and the GRE tunnel and IPSec tunnel share the same IP address, Add GRE Encapsulation when yo

...

Source and Destination NAT for PA-VM on Azure Cloud with VPN tunnel

Hello everyone,

I am working on a project to deploy a Cluster of two Palo Alto VM's on Azure. While designing the solution with an internal and external Loadbalancer (you can see the picture in my post) i don't know if i need to configure Public IP a

...

Discussions

Excessively long useragent

Starting with Palo Alto Networks - What I wish I had known...

Just getting started, looking for "mentor-like advice"

Resolved! About address object with FQDN and apply it to security policy.

Block scanning from shodan

Best config to speed up HA failover

Resolved! What cloud services are affected by CVE-2020-1982?

Resolved! capturing ssl decrypted traffic

Resolved! Panorama plugin log(AWS&K8S) delay

Resolved! Palo Alto PA-5220 - Data-plane traffic stops intermittently for 20-30 min

Millennium (mp)# について

How to configure Local Server for IPSEC Tunnel

No Logs for DMZ zone

Resolved! How to configure gre over ipsec？

Source and Destination NAT for PA-VM on Azure Cloud with VPN tunnel

What does ch mean in PA-VM-OS Software?

HA4 firewalls

B2B VPN IKEv2 Fail with Amazon Private Cloud Peer

Help understanding Asymmetric Path issue

Can't import a certificate via XML API using C#

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

CVE-2024-3400 IOC's

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Solution for "SSL decryption bypass for Anydesk"

Re: Error installing dynamic update Apps

Unlock your full community experience!

Resolved! About address object with FQDN and apply it to security policy.

Resolved! What cloud services are affected by CVE-2020-1982?

Resolved! capturing ssl decrypted traffic

Resolved! Panorama plugin log(AWS&K8S) delay

Resolved! Palo Alto PA-5220 - Data-plane traffic stops intermittently for 20-30 min

Resolved! How to configure gre over ipsec？