Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4518 Views
  • 0 replies
  • 1 Likes

Byte swapping needed on packet captures taken from tunnel interfaces

I noticed something odd with packet captures taken involving traffic originating from a tunnel interface (used for GP VPN clients) where the Ethernet Type header was byte swapped. Meaning instead of 0x0800 it was 0x0008. The screen snips illustrate the raw exported packets from a NGFW running 11.1.4-h1. Wireshark 4.4.3 with no packet dissector/d...

Resolved! Palo Alto Firewall Global Protect SSL VPN MFA OKTA Integration

Hello Community, I'm looking into integrating Okta's Multi-Factor Authentication (MFA) with GlobalProtect SSLVPN. May I know if the OKTA MFA is free for Palo Alto firewall GlobalProtect SSLVPN? Can anyone confirm if Okta's MFA is indeed free when used with GlobalProtect? If so, could you point me towards any official documentation, guides, ...

GWong4 by L2 Linker
  • 2883 Views
  • 5 replies
  • 0 Likes

GlobalProtect Machine based Certificate Access

Hi. Long-time listener, first-time caller. Since we have so many brute force attacks with GlobalProtect lately, I wanted to do machine-based GlobalProtect Certificate access. Meaning we use a third-party Certificate server within our environment to create Certificate and I assume this server would also be Root CA. Then push cert to all devic...

Resolved! Virtual IP for Management Interface

I have two firewalls in an HA configuration. I need to be able to have one "virtual" IP address for the management interface of the active firewall. For instance: Firewall1 IP is 192.168.1.10; Firewall2 IP is 192.168.1.11; Virtual Address 192.168.1.9 points to 10 or 11, whichever one is active. Has anyone else accomplished this and how did you do...

client gp_broker phase 1 failure commit failed

Hello, If someone experiences an auto-commit failure after an upgrade with the error message "client gp_broker phase 1 failure commit failed," here I provide a workaround solution:

show jobs all
Enqueued Dequeued ID PositionInQ Type Status Result Completed
--------------------------------------------------------------------------------------
2025/01...

Finding FQDNs for blocked IP's or SSL-Inspection

Once a week, someone reports having issues accessing a site. Today that issue involves a credit card processing page that is aging-out because there is no SSL inspection exception. FW Logs of course show an IP address (no URL/FQDN), and the rule to allow access or exclude from ssl inspection requires using an FQDN. The page URL in address ba...

ppeeters by L0 Member
  • 1233 Views
  • 1 replies
  • 0 Likes

Dual ISP setup on 1 virtual router kb issue

Hello. So I need to set up a dual ISP setup and found below kb. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAO I know there is also one using different virtual routers but for this specific setup it seems this one is a slightly better match. However, 1 thing in the kb bothers me and in the past when I did this set...

PA-445 on PAN-OS 11.1.2-h3

First time posting so please bear with me. Currently running into an issue that looks like a potential bug or an issue specifically with the PA-445 model (Support Case has been submitted and is in the works; but we'll see what happens). Two different PA-445s that we've tested with have shown this issue (both PAs are on PAN-OS 11.1.2-h3). Below...

  • 1795 Posts
  • 60 Subscriptions