We do SSL Decryption on our PA.
Recently we have been seeing a lot of sites that do not decrypt
Chrome comes up with ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION
Firefox does not have any meaning full error message
A quick google shows that it is to d
...
Hello
I have few questions regarding user-ID agent that is installed on DC (domain controller)
1- When the user login to machine, agent on DC send the username/IP details to PAN immediately?
2- Say after 10 minutes, user log off then agent on DC
...
Hi,
When trying to setup SSL decryption which requires enabling both “Forward Trust and Untrust Certificate”. The certificate has been added but the options are grayed out as shown.
what can be reasons?
Any idea would be appreciated. : )
Hello Community,
I have configured L3 Sub-Interface on a Palo Alto firewall in a virtual environment. Can someone please let me know if there are any show commands to verify that the configuration is working successfully?
Thank you
Carlton
When I look under Monitor -> Logs -> System, I see the following:
1. ipsec-key-delete: IPSec key deleted. Deleted SA <SA info> SPI:<hex dump>
2. ike-nego-p2-succ: IKE phase-2 negotiation is succeeded as responder, quick mode. Established SA <SA i
...
Hi,
Have anyone tried to configure different HA setup for different VSYS? Let's say VSYS1 is active/active and VSYS2 is active/passive.
Thanks,
MBS
Hi there,
for a special reason I need to setup a dedicated VPN Gateway for the built in iOS/OS X VPN client. Before I start to setup a Linux System for that I would like to find out if it's possible with PaloAlto or not. In the past there was a X-A
...
Hi,
We have a cluster PA (Madrid) in version 5.0.14, and two PA in stand-alone (Singapur, Miami) in version 7.0.6.
We just commited the panorama config but we got a error in cluster PA Madrid.
Panorama in 7.0.6 can handle firewalls in version 5.0.1
...
System log fills with messages like "Failed to resolve domain name:defrxpwgklm.capco.com after trying all attempts to name server(s): 8.8.4.4 194.25.0.68". DNS without dnsproxy is working. Can i restart the dnsproxy to fix this issue?
The messages ar
...
Hello Community,
Can someone please let me know if Palo Alto have any documentation examples of setting up access to a webserver from the Internet that resides in a DMZ?
Thank you
Carlton
Hi,
We are planning to upgrade the User-ID Agent from version 6.0.6-4 to 7.0.3-13.
Three PAN-OS are running with version 7.1.1, 7.0.5-h2 and 7.0.2 use the same agent server.
Is version 7.0.3-13 will work with PAN-OS version above?
Hi All,
Recently had a client upgrade their Global Protect Agent to 3.0.0 from 2.2.2.
When connecting to the Gateway they would encounter the following message - "Server Certificate verification failed".
From 2.1.0 you had to ensure the External
...
Is it possible to use interfaces on PA-5020 as span or mirrored ports of other active interfaces on the same device?
Hi I'm attempting to implement userID on PAN-OS 7.0.6 within a multi-domain forest.
All of our workstations exist on one domain and users logging into those workstations exist on another domain within the same forest. I have the UserID agent setup
...
Hello Community,
I have set up a lab environment shown in the below below that is meant to allow access from 192.168.1.X to the sever 10.2.2.1 using static NAT ip address 192.168.1.251
I have configured everything as demonstrated in the CBT Nugg
...
BPry
on:
When logging into the community can I turn off the email a code?
BPry
on:
Cortex XDR: How to block execution of some unwanted apps
OtakarKlier
on:
Inquiries about PBF nexthop settings when the ISP is a DHCP Client
OtakarKlier
on:
Understanding URL Filtering security profiles vs Rule Action
OtakarKlier
on:
Qualys scanner blocked
OtakarKlier
on:
Split-tunnel not working properly
| User | Likes Count |
|---|---|
| 11 | |
| 10 | |
| 7 | |
| 7 | |
| 5 |
