General Topics

Resolved! GlobalProtect client can't authenticate anymore after upgrade to 4.1

We have upgraded our firewall to version 8.1 and the GlobalProtect agent to 4.1.

We use a certificate to authenticate with our GlobalProtect Agent but after the upgrade (8.0.5 and 4.0.3) nobody can't authenticate anymore.

In the logs I always see this:

Resolved! SNMP Paloalto

Hello !

I want to do snmp polling to a palo alto firewall, but not using any management "software" (like zabbix). I'm trying to do it via bash command snmpget, in which i pass the object OID 1.3.6.1.2.1.25.3.3.1.2.1 (CPU util on the management plane)

Resolved! PA inbound decryption

PA drop (decrypt-error, policy-deny) packet when client present a certificate (SMTP STARTTLS).

PAN OS version: 8.1

Test cases

1) Client cert TRUSTED, TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384

Client send Certificate Verify TLS payload

openssl s_client

Resolved! Panorama fails to deploy PanOS to Firewalls

We have a Panorama (M-100) managing several PA5020 firewalls. We need to update the PanOS from 6.1.7 to 6.1.10 (don't push for higher this is all we can do for now). I've updated the Panorama to the 6.1.10 version. Now i try to use the deployment sof

Resolved! User ID agent user-IP mapping refresh evets

Hi Experts

As you know the default cache time for user-IP mapping in user-ID agent is 45 minutes. If I am not using WMI or netbios or server session monitoring then:

1- How user-IP mapping can be maintained by user-ID agent? This means user has to lo

Resolved! how to add PA forward decryption certificate to Minemeld

Dear all,

first of all, thanks a lot to all contributors for this great project.

Quick question: I configured my Minemeld instance in my local network and I also have SSL interception configured on my PA.

For the moment I had to exclude the IP of

Resolved! Certificate Error on Miner Refresh

Currently Running MineMeld Version 0.9.40 on Ubuntu 14.04. I am getting the following certificate error. I have tried updating the self-signed cert, restart, ubuntu reboot. with no change.

Resolved! Certificate is expired and is shown in the browser

Good Morning,

System: PA-3020

SW Ver: 8.0.6

we are trying to implement a certificate on our Test Firewall and have encountered the an expired certificate.

We have created the certificate (self-signed); however, when I go to the Palo Alto GUI, the brows

Resolved! URL classified as Malware but not sinkholed

Hello,

Quick question for a specific URL (cia.toh.info)  This URL is classified as malware in PAN-DB but doesn't show ip in the AV release notes as a malware site so it doesn't get sinkholed when we do a DNS lookup for that url.  We've noticed other

Resolved! I've bought 1 more public IP range but cannot use it

Dear all,

I've 2 internet lines connected to 2 different ISP: ISP-1 and ISP-2. Default route to internet is the connection to ISP-2

I just bought 1 more public IP range from ISP-1 that belong to a different subnet with my current ISP-1 public IP range.