Consequences of replacing CBC encryption with GCM on IPSec and IKE profiles

I am looking to replace all existing CBC encryption with GCM within IPSec/ IKE crypto but need to be certain that functionality will remain.

What if any impact would this have on the existing profiles if changed?

Unfortunately could not find a de

Limit IP address range bandwidth during recurring time period

Need to limit residence hall users bandwidth to Internet monday-friday 8:00 a.m. to 5:00 p.m.

The following is how it was done previously on Cisco ASA. Need to translate to PA5430.

object-group network MV_NETWORK
network-object 192.168.0.0 255.255.0

Is there any way to bulk select dynamic group matches - when i filter i need to select over 21 different matches do i really need to select each one?

What is Certificate Pinning and how to deal with SSL Decryption

Certificate pinning was developped to help prevent man in the middle attack.

But what is the Certificate Pinning?

Traditionally, SSL Handshake consists on the validation of the server’s certificate, let’s say collab.com. The validation is done us

VPN Performance over Prisma Access : slow downloads

Hi,

Can somebody tell met what you can expect from downloading a file over prisma access backbone.

Our datacenter is connected to service connection and when I try to download a 200 Mbps file from the datacenter to a remote network located in the s

LACP LINK DOWN FW PALO ALTO

Hi,

I have a customer who's firewall unexpectantly failed over recently, looking at the logs before failover LACP links appeared to fail negotiation right before which triggers failover. Unfortunately HA logs don't stretch back enough!

Looking at

end of life and support of Pa-410 device

end of life and support of Pa-410 device

Traffic hits policy with URL Category even though the traffic is not for that URL

We have several policies that permit traffic to 80/443 with no specific destination address, but with a URL category set for a specific URL.  For example, we have a post-rule for VPN users to access our internal Splunk server via the URL.

The issue

Question about upgrading to PAN-OS 11.1.6-h14

Hi There

We are currently running PAN-OS 10.2.13-h7 and are planning to migrate to 11.1.6-h14.
Before moving forward, I’d like to ask if this version (11.1.6-h14) is considered stable and safe to install, and if there are any known critical vulnerabili

Palo Alto QOS configuration question

 created the below QOS configuration to limit the bandwidth to wasabi to 10 mbps on PA 440. When I checked the QOS statistics, the default group is getting used and not the one I created and also the default group is restricted to 10 Mbps. Please gui

Script for pulling disabled rule in set format

Hi Team 
I am trying to pull the details of disabled rule in set format. I am using pan-sdk .
I can pull the complete list but not able to retrieve only rule which are disabled.
And is to possible to pull rule in "set" format or need to use XML API ?

Any

Palo Alto Firewall Migration – VSYS Consolidation

Dears,

We currently have a production environment running on two Palo Alto 5220 firewalls. We are planning to migrate to new Palo Alto 5410 firewalls.

In the existing setup, the firewalls are divided into two VSYS (Vsys1 and Vsys2). Since Vsys1 is no l