Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4517 Views
  • 0 replies
  • 1 Likes

Chromium-based traffic issue

Hello Experts, Our client experienced a drop in internet traffic. After running tests, they detected that all traffic generated with Chromium-based browsers was being dropped by the firewall for some unknown reason. Other traffic generated by other browsers, such as Firefox or ICMP traffic, was not affected in the same way. We haven't determined ...

Resolved! User-ID showing "Invalid Agent version"

Windows Server 2016, Pan-OS 11.1.6-h3, User-ID 11.0.2. I am burnt out trying to get this to run. I have run through all the instructions 4 times now. I keep receiving an error when running "tail mp-log useridd.log" that ends in "Invalid Agent version". I've uninstalled/reinstalled, repaired, rebooted. Made new certs signed by PA root CA I crea...

E.Burke by L1 Bithead
  • 1084 Views
  • 1 replies
  • 0 Likes

S2S between PA3250 and Azure VPN Gateway -1 way traffic

Hi everyone, for a long time we have had a functioning VPN gateway between our on-premise 3250 and an Azure VPN Gateway. Recently, we have observed that we appear to be unable to send traffic from the PA side to Azure, including return traffic. Here's what I am observing. The tunnel is up. When I send traffic from the Azure side, I see it appe...

CyberEng by L2 Linker
  • 896 Views
  • 1 replies
  • 0 Likes

Resolved! Azure SAML Authentication for Admin access - HA Pair - AZURE Enterprise APP ADMIN UI

We have been able to configure the ADMIN UI to use SAML auth on the primary firewall to leverage MFA. The problem is the secondary firewall has a different URL, of course, to access it. We tried creating a second ADMIN UI, but you cannot assign a separate authentication profile to the two different management interfaces in a HA configuration. Ha...

Carleton by L3 Networker
  • 10533 Views
  • 9 replies
  • 1 Likes

RealNetworks RealPlayer MPG Width Integer Underflow Vulnerability - 91059

Hi Community, An MPEG file is trying to sync on OneDrive but is being blocked by Palo Alto. The signature RealNetworks RealPlayer MPG Width Integer Underflow Vulnerability - 91059 is the reason. The file is legit; what could be the reason for the block? The signature itself is based on an old CVE which has been resolved.

Firewall Policies App Dependencies Order

For app dependencies is it better to include the dependency in the policy with the dependent app each time or to make an allow rule for all dependencies first? Say I have two app policies for different apps that each use SSH. Should I include SSH in each app or set one policy above them that allows SSL?

E.Burke by L1 Bithead
  • 767 Views
  • 1 replies
  • 0 Likes

Firewall query

I have a Meraki that has an SVI for vlan 5, 172.18.5.2, and it's trunked to a firewall that also has an SVI for vlan 5, 172.18.5.1. There is a default route from Meraki pointing to 172.18.100.1, which is on the firewall. Meraki has an SVI 172.18.2.1. Server 172.18.5.76 is unable to reach IDRAC 172.18.2.75 via https though ANY is allowed on firewall. I...

Can Policy-Based Forwarding be detected with the following OIDs?

I have set up Policy-Based Forwarding on PA-220. We would like to be able to detect alerts on the monitoring server side via SNMP trap when a ping drops and the path switches in Path Monitoring. Can the following OIDs be used for detection? panPBFNhUpTrap: 1.3.6.1.4.1.25461.2.1.3.2.0.1100 panPBFNhDownTrap: 1.3.6.1.4.1.25461.2.1.3.2.0.1101

n-tomo by L2 Linker
  • 680 Views
  • 1 replies
  • 0 Likes

"Failed to Validate Client Certificate" Error with User ID Agent

Hi Community, We’re encountering an issue with our Windows-based User ID Agent installed on the server. Specifically, we're receiving the error message: "Failed to validate client certificate: No connection found." Here’s what we’ve tried so far to resolve the issue: Verified Certificate Locations: Checked Device > User Identification >...

Jagdeep1 by L2 Linker
  • 20236 Views
  • 9 replies
  • 1 Likes

Licensing issues

Hello, I purchased a PA-850 from the marketplace that I am trying to license. However, it seems I will have to go through the Secondary Market Policy. I am finding it difficult to register this device. Please advise on what I have to do.

Transfer license

Is anyone having issues transferring license from one device to another even if it is the same model? We had one device (an 820) that started experiencing issues and the license had just been renewed. We then moved another 820 to that location with a license that expires within a month, but when we tried/requested to transfer the new license to ...

PA outbound security policy - Terraform to AWS console

We have an on-prem dev environment with outbound access through a PA-3220 running 11.0.4-h6. We are trying to craft a rule to allow an on-prem src to connect to AWS console to run terraform scripts. We've tried using application type amazon-aws-console with and without the web+ssl dependencies. Also tried restricting it to just http+https with ...

  • 1795 Posts
  • 60 Subscriptions