How Palo Alto NGFW Prevent Unknow CVEs?

Dear Team,

I hope all of you are doing well.

I have one question. How can PA prevent an unknown CVE on NGFW?

Why I brought up this question is because I saw that from one vendor to another, they have different CVE numbers and IDs.

I was wondering

Advanced Wildfire Allowing High Severity Verdicts but blocking Informational

Hi

I have Advanced Wildfire in our Lab env and have noticed something very odd, when the firewall is submitting any files to Wildfire if they are returning "informational" they are blocked, if they are returning Malicious and "High" the action is a

Bytes sent by Firewall is too high and it looks like a wrong display only?

Hi  everyone!

Greetings to all. I was just curious since I've been seeing traffic logs packets which are Gb's and Tb's in size. I am not sure if this is a wrong display but I am pretty sure there was no such traffic in my network.

I am currently ru

PA 850 10G SFP Ports to Cisco 3650 1G SFP Port Cross Connect Will Work

Hi All

I have PA850 with 10G SFP ports and cisco 3650 switch with 1G SFP ports. I want to cross connect will it work ? If yes can i buy 2 1G SFP module for switch and 2 10G SFP module for firewall and use ?

i can‘t commit after upgrading to 11.0.2 version

hi, i can't commit after upgrading 11.0.2 version from 10.2.X, 

For testing purposes, I changed any of the small options and did not make any other changes, but I cannot commit them。

tip:

   Details Partial changes to commit:

changes to configuration

when I configure custom option 6 on DHCP, will it be over rides the primary and secondary DNS?

Plao interfaces are down in Vmware work station

Hi 

I have installed Plao in VMware workstation and I can access the device From GUI and CLI but only through the management interface.
Other interfaces are showing down, how to fix this?

Can Palo notice and react to a flapping Internet link?

Hi All,

We have simple setup, when firewall is connected over physical interface to a L2 switch, while L2 switch is connected to 2 CPEs of different ISPs. Obviously, next hop for our firewall going out is an interface of the CPE. We are tracking de

installing minemeld Ubuntu 20.4

Cant seem to get this to work using these links:

https://github.com/PaloAltoNetworks/minemeld-ansible

https://github.com/PaloAltoNetworks/minemeld?tab=readme-ov-file

Anyone been successful getting this installed on Ubuntu 20.4?

File Blocking block/continue issue

Hi everyone, I'm trying to setup fileblocking on PanOS 11.0.2-h1 and I'm facing strange behaviors. With some sites I get block or continue page, and DataFiltering logs. With others, I get an empty file download for both continue or block actions and

Known issue (Issue ID: PAN-227368) with version 11.0.2. Will it be solved by 11.1.0-h2 to upgrade?

Change    : We have upgrade to  11.0.2 post upgrade facing below issue. 
Issue ID: PAN-227368

Issue Statement :     The GlobalProtect app cannot connect to a portal or gateway and GlobalProtect Clientless VPN users cannot access applications if authen

Policy commit failures due to profiles exceeding platform capacity using version 10.1.8-h2

We have not updated the number of profiles and have been successfully committing policy for probably a year with this same number of policies, but all of a sudden we are not able to commit policy pushes either from gui or cli.

We have gone through

Interface migration to fiber over SFP 10G

Hello team,

I have a Palo Alto 3220 cluster that is connected to a CORE switch over ethernet and I need to migrate that connection to fiber over SFP 10G converter.

I am trying to define a procedure to migrate with no downtime and I had thought to s

Packets dropped: forwarded to different zone

We have a PaloAlto firewall that we have configured differrent zones, everything is working fine, except for a specific traffic between IP 10.40.129.49 and 172.26.2.58.  The 10.40.129.49 is located on a subnet directly in a zone defined on the firewa