Next-Generation Firewall Discussions

F5 WAF risk assessment

I got request to do f5 WAF risk assessment for my environment, do you have any suggestions how should i do 
Any documents/steps/url that i can follow to do the same.

Lacp Issues Peer Not Detected

Hello Dear Forum.

we are running 2 pa-3320 in Ha Actiave/passive mode 

both of which have aggregated ports.

recently we've moved our server room to a different room and

have reconfigured some of out network components. 

after reconnecting every

External Dynamic

Hello i uploaded certificate from EDl url (i tested it and its valid) and made certificate profile then made a EDL  wrote source url certificate profile and password .But i see url access error.Im sure url and password is correct.Pls help how i can s

saml-message-parse-error

Hi,

I saw this alert on our corporate firewall ; 'Failed to convert SAML message payload into xml tree', as a high level,

Is there anyone to explain what this means and what this situation effects to our SAML vpn configurations?

Please inform to

Decrypt log missing in list of logs

I spent several hours yesterday trying to get decryption working.  Everything kept coming back to being able to view the decryption log under Monitor>Logs>Decryption.  However, my Palos did not have a "Decryption" option under Logs, and I could not f

Not seeing IP addresses in User ID Agent

Have user ID agent loaded on AD server and all shows connected, but in Monitoring I see no users or IP addresses

Error: update_rlog_mgmtsrvr_fwd_stats(panDeviceLogging_access.c:710): panDeviceLoggingMIB update_rlog_mgmtsrvr_fwd_stats(): No sysd node found

Hello community,

 I have encountered the SUBJECT error while t-shooting a SNMP connectivity issue on a PA-220. searching the internet I have not found a similar message anywhere therefor I thought I'd reach out to see if anyone can help with figuri

Not able to check now new content for dynamic updates

We are trying to update dynamic updates but unable to do so. 
I show errors as attached when tried to check online. 
Also, we tried using manual upload but it keep trying to upload without success. 
Please advise if anything we can do.

SSL No-Decrypt issues

Hello,

I'm testing on two different versions of PAN-OS (11.0 and 11.1).  There's a couple of issues I'm noticing with decryption/no-decryption.  I have a profile setup for no-decrypt in which healthcare-and-medicine is a category that isn't supposed

Incorrect Geolocation classification

We have a user trying to connect with Global Protect from South Africa on IP 102.22.126.232
This IP belongs to an ISP in South Africa, and is matching correctly on https://ipinfo.io/102.22.126.232 to be in Cape Town

However, when looking up the IP loc

Packet Capture is getting on automatically in Palo Alto firewall

Hi Friends,

We have a customer who is facing issue with Packet Capture. Due to few MP Issues we have asked the customer to reboot the firewall. After reboot customer has observed that in Packet Capture the options Filtering and Pre-Parse Match is t

HIP Check on Patch Management

I want to check if we can block connections if a device is missing critical patch (released May 2024) or any other critical patches within the last n months (where n is a user-defined timeframe).

Can this be achieved with HIP configuration?

VPN over Multiple ISP connections

Hi,

I am new to the PA world and I have the following design been given to setup. I am trying to find the best way to do this. I have done in Fortinet by creating SDWAN interface and it worked but not sure if Palo has the same kind of setup. If som