Next-Generation Firewall Discussions

saml-message-parse-error

Hi,

I saw this alert on our corporate firewall ; 'Failed to convert SAML message payload into xml tree', as a high level,

Is there anyone to explain what this means and what this situation effects to our SAML vpn configurations?

Please inform to

Decrypt log missing in list of logs

I spent several hours yesterday trying to get decryption working.  Everything kept coming back to being able to view the decryption log under Monitor>Logs>Decryption.  However, my Palos did not have a "Decryption" option under Logs, and I could not f

Not seeing IP addresses in User ID Agent

Have user ID agent loaded on AD server and all shows connected, but in Monitoring I see no users or IP addresses

Error: update_rlog_mgmtsrvr_fwd_stats(panDeviceLogging_access.c:710): panDeviceLoggingMIB update_rlog_mgmtsrvr_fwd_stats(): No sysd node found

Hello community,

 I have encountered the SUBJECT error while t-shooting a SNMP connectivity issue on a PA-220. searching the internet I have not found a similar message anywhere therefor I thought I'd reach out to see if anyone can help with figuri

Not able to check now new content for dynamic updates

We are trying to update dynamic updates but unable to do so. 
I show errors as attached when tried to check online. 
Also, we tried using manual upload but it keep trying to upload without success. 
Please advise if anything we can do.

SSL No-Decrypt issues

Hello,

I'm testing on two different versions of PAN-OS (11.0 and 11.1).  There's a couple of issues I'm noticing with decryption/no-decryption.  I have a profile setup for no-decrypt in which healthcare-and-medicine is a category that isn't supposed

Incorrect Geolocation classification

We have a user trying to connect with Global Protect from South Africa on IP 102.22.126.232
This IP belongs to an ISP in South Africa, and is matching correctly on https://ipinfo.io/102.22.126.232 to be in Cape Town

However, when looking up the IP loc

Packet Capture is getting on automatically in Palo Alto firewall

Hi Friends,

We have a customer who is facing issue with Packet Capture. Due to few MP Issues we have asked the customer to reboot the firewall. After reboot customer has observed that in Packet Capture the options Filtering and Pre-Parse Match is t

HIP Check on Patch Management

I want to check if we can block connections if a device is missing critical patch (released May 2024) or any other critical patches within the last n months (where n is a user-defined timeframe).

Can this be achieved with HIP configuration?

VPN over Multiple ISP connections

Hi,

I am new to the PA world and I have the following design been given to setup. I am trying to find the best way to do this. I have done in Fortinet by creating SDWAN interface and it worked but not sure if Palo has the same kind of setup. If som

Log Retention for PA-1400

Hi,

Specifically for PA-1420, I aware the storage capacity is 240GB. Is there anyway I can know the duration of log retention for 700 users?

From what I understand, log retention is affected by the space on disk, not on the number of user. When y

Send File to CDL Receiver Failed

Hi all,

I have a PA-440 currently at 10.2.7-h3. 

After performing PAN-OS upgrade, there is an error on telemetry stating "Send File to CDL Receiver Failed". 

I found a similar article and applied the suggestion by retrieving the license key