Next-Generation Firewall Discussions

I am curious about the processing method in terms of hardware architecture.

Hi

I recently compared the H/W architecture of the PA-3200 series and the PA-3400 series and had a question.

Looking at the architecture below, it appears that N/W and Security Processing, which were previously separate, have been merged into o

error in placement of IPS diagram

this picture shows the IPS before the firewall  : https://www.paloaltonetworks.com/cyberpedia/firewall-vs-ids-vs-ips#ips

BUT in the matrix below
you state that an IPS is: 
 Positioned right after the firewall, before the internal network.

Thanks for the

CPU issues on PA-3410

Hi Team,

Need some help with respect to below query:

Issue - We are using PA-3410 in our environment. We are monitoring this device using Logic Monitor tool. Our monitoring team states that they monitors CPU and memory utilization for Palo Alto d

GlobalProtect portal allows a user to download the software without logging when we manipulate the URL

when we manipulate the URL and change the path of URL:

       Form:

                https://{IP/FQDN}/global-protect/login.esp

      To

                https://{IP/FQDN}/global-protect/getsoftwarepage.esp.

 it's return the download page, please can

SSL policy rule and needed match application values

Hello,

I have a quick question in regards to SSL decryption and policy match values.

If I have SSL decryption, and I want to allow 'facebook-chat' for example, I know a policy rule with the app facebook-chat and it's dependencies 'facebook-base,mqtt-

Observing Internal error logs on Global Protect SAML Auth

Recently observing below logs very frequently 

"Reason: Internal error, e.g. network connection, DNS failure or remote server down. auth profile 'Azure', vsys 'vsys1', From: x.x.x.x"

Any idea

GlobalProtect

Please check the Max Decrypt session value of PA-3410.

Hello

I'm curious about the number of SSL Decrypt sessions for PA-3410.

I could see this on the product comparison site before, but I can't see it now.

A customer using Decrypt wants that information.

It's not even in the spec sheet or data sheet, where

Rule UUIDs Always Change

Greetings Community! 

Apologies if this has been answered in a previous thread- I couldn't find anything... 

When exporting configuration files from PA-3220 I have noticed that sometimes the rule UUIDs are different than the previous config dump

Global Protect Custom Setup

Hi Guys 

I have 5 separate GP Captive Portals and I want to make a custom setup for all of them separately. I will deploy them separately from the network.

Can we change the global protect msi package?

I heard it can be done from Expedition, is it

PA-7000 global routing resources

Hi,

We have a PA-7000 which is approaching a global routing resource usage of 32000 IPv4 routes. We do not use IPv6 at all so is it possible to re-allocate the 32000 routes set aside for IPv6 to the IPv4 table?

Thanks.

Paul.

TS-agent integration with User-id agent

Hello Community,

Can we integrate Palo Alto Terminal server agent with Palo alto User-id Agent without the terminal server agent (TS-agent) being integrated with the firewall directly?

Thanks in advance for your help

PANXAPI automated adding and removing of users and their records such as ip-address and so on

Hi everyone,

Is automated adding and removing users and users information in PA is possible uisng panxapi.py

UserID certificat expiration 18 November

For these devices in version 11.03h2 and using the users-id functionality
Panorama VM
PA 400
PA 1450
VM series 

Regarding the expiration of the user-id certificate on November 18, 2024
Is the PAN-OS version impacted?

Thank you