Next-Generation Firewall Discussions

Zone protection profile

Hi All,

I'm planning to implement Zone protection on outside interfaces using Strict IP Address Check" or only "Spoofed IP address" in the packet based attack protection of the zone protection profile. Does it drop legitimate traffic as per below poi

How to actually get support?

Purchased a pair of PA-1410's last month.  Within 3 days one of the power supplies was dead.  Account rep said submit a tac case, but the device isn't showing up in the portal so i'm blocked there.  Tried calling the support number which sent me here

upgrade path

Greetings,

I am currently running 10.2.10-h3 and looking to go to 11.1.4-h7.

I understand I need to pre-load but not install 11.1.0 - correct?

I am also running sd_wan 3.0.3 and am contemplating going to 3.3.2.

My understanding is the upgrade path

Global Protect software interoperability

hello all

I am trying to understand the behaviour of the GP software after a firewall upgrade 

for example what if the firewall is upgraded to software that is no longer compatible with the GP software 

Q will the GP software auto upgrade ?

Forward Proxy & SSL Inbound Inspection Certificate Comparasion

Hello,

1- The CA and Keys checkboxes in the Certificates section of Palo Alto Firewall should always be selected? respectively the certificates used for Forward Proxy and SSL Inbound Inspection should always have CA selected and Keys imported?

2- We us

Prefered version

Hello,

Could you please confim the preferred version that integrates the November 18, 2024, security fix for the Palo Alto 3220 appliances ?

Thank you.

Software Version 11.1.5-h1

Hello,

We are experiencing packet loss, and the IPsec tunnels are going down on the following version and model:

• Software Version: 11.1.5-h1
• Model: PA-1420

After restarting the firewall, it resumes normal operation.

I want to know, this version is

Recent 0-Days (Watch Towr Labs findings)

We have been a client of Palo Alto's for years, but given this report and the recent 0 days are not as committed to staying with the company in the upcoming refresh.  Has their been any guidance from Palo Alto on how they intend to address, what appe

40G ports flap in PA 3430

Hi, 

We are facing uplink issues between PA 3430 40G to Cisco Cat 9407R VSS.

Tried the below,

distinguish and segregated ssh and sftp traffic

I have a requirement wherein ihave to allow the ssh access to few admins and sftp access to users all sitting in the subnet. How i can apply and allow since both works on port 22.

Thanks

Ansible Galaxy - panos - not ready for advanced routing

When will the Ansible Galaxy be ready for advanced routing? For instance on the module: panos_interface there is no option to choose the Logical router, only virtual router.

Citrix (Terminal services) UserID Deployment

Hello everyone,
I would like to deploy UserID Terminalservices Agent in a Citrix environment.
There are approx 30 servers deployed from the same Master Image.
I have TA successfully running on dedicated (non-Citrix) Terminalservers with Certificates gen

Prevent bypassing captive portal?

We are in an environment where we have captive portal (with MS SSO) but users are able to get around the authentication redirects via VPN.

We'd like to ensure that the only traffic that is allowed by unauthenticated users on this network is traffic

Palo Alto DHCP Relay Stops Working After Reboot

After rebooting the firewall due to a power activity, we noticed that the DHCP relay stopped working. We could see the DHCP Discover and Offer messages in Wireshark, but the firewall’s DHCP relay did not seem to function properly.

The firewall was ru