XXF and building Security Policy

Hi all, 

I would like to know how I would go about creating security policies based of the XFF headers please, any help would be appreciated.  

I have read the documentation and I have to enable the XFF header 

SSL and TLS vulnerabilities

Hi Team,

We have to 2 Paloalto VM firewall running active-passive mode in AWS.

As a part of internal Pentest we go the below findings for the Active and passive firewall nodes. The result refers to SSL and TLS vulnerabilities.

Could you please suggest o

PA-450 shutdown not working and device get rebooted after sometime .

Hello

I have issued the "request shutdown system" to our PA-450, but we didn't unplug the power immediately.

After 10 minutes, the system get rebooted.

Base on the KB(How to Perform a Graceful Shutdown ), the system should be in halted state,

Azure SAML authentication: validate identity provider certificate. (best pratices)

Hi,

We have configured SAML on our portal and gateway.  By default Microsoft generates a self signed certificate that is valid for 3 years for every Enterprise application you create.

Is this secure enough to use the default self signed one and not v

Cisco ASA to Palo Alto migration issue

Hi

i'm working on a new projet where will change the current Cisco ASA firewall by an Palo alto network 440 so we are using Expeditio tool to move the configuration

on the existing configuration, our customer use policy based routing to route tra

firewall capture feature packet size Exceed interface default mtu

Customer firewall 3220, version: 10.2.4

Firewall interface mut defaults to ：1500. Jumpo function not enabled。

Question 1: When a firewall receives a TCP packet with a load of 1800 bytes (the df bit of the packet is not set),

I understand that the fir

someone recommend a way to create a VPN pre-login in Linux

Hello. Can someone recommend a way to create a VPN pre-login in Linux Ubuntu or Fedora? Thank you.

How Palo Alto NGFW Prevent Unknow CVEs?

Dear Team,

I hope all of you are doing well.

I have one question. How can PA prevent an unknown CVE on NGFW?

Why I brought up this question is because I saw that from one vendor to another, they have different CVE numbers and IDs.

I was wondering

Advanced Wildfire Allowing High Severity Verdicts but blocking Informational

Hi

I have Advanced Wildfire in our Lab env and have noticed something very odd, when the firewall is submitting any files to Wildfire if they are returning "informational" they are blocked, if they are returning Malicious and "High" the action is a

Bytes sent by Firewall is too high and it looks like a wrong display only?

Hi  everyone!

Greetings to all. I was just curious since I've been seeing traffic logs packets which are Gb's and Tb's in size. I am not sure if this is a wrong display but I am pretty sure there was no such traffic in my network.

I am currently ru