Next-Generation Firewall Discussions

Resolved! Pn commit and push affect the local candidate configuration of the wall

The customer has a vm-300 that is configured through panorama management and configure.

An accident occurred where the administrator configured a nat police configuration on the vm-300 August 22,

, but there was no commit and no task modifications we

...

Network monitor shows huge traffic spike, but can't find traffic details

Hey folks.

I had a situation today whereby one of my PA's was responding really slowly across IPSec tunnels and for Global protect clients - so once I could get onto it I started digging into the network monitor to see if I could find out if there

...

SSH Proxy Bock Session with Unsupported Algorithm - What are the palo alto predefined unsupported SSH algorithm and version.

Palo Alto SSH Proxy blocks ssh traffic with error message unsupported Parameters. This is because of the SSH Proxy profile. However where can I find the parameter used for this communication and what is the recommended / supported parameters/algorith

...

Different telemetry region in ha firewall

Firewall A

Previously Default Device Telemetry region is America

After sudden commit fails due to error : 'Americas' does not match lcaas region 'in'

So i changed the telemetry to india which is present in the drop down.

Now ,

In firewall B vice v

...

Certificate installation on device through remote system via REST API

Folks,

As we can see on palo public API docs , Seems it does not have REST API support for certificate management.

Is anyone tried or used REST API calls for certificate management ?

#certificate #REST-API

Impact after Changing the key size setting clears the current certificate cache.

Due to VA Scanner scan my firewall having vulnerabilities of SSL Certificate Chain Contains RSA Keys Less Than 2048 bits .

So I plan to follow below KB to change the key size.

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-man

...

Resolved! How can I run a curl from PAN OS?

Hi;

How can I run a curl command from PAN OS NGFW? say to some web-site. I have tried but it seems like curl is not supported.

Also, it would be great to see if the curl request can be initiated from a specific IP Address on the PAN OS NGFW?

Th

...

PA-1410 / PAN-OS 11 doesn't include many MS Root CA's

We do TLS decryption, and cutover a site to new PA-1410's running 11.0.2. While testing MS updates on endpoints, we were getting notifications that the client couldn't contact the update server. Looking in the decryption log, none of the calls to t

...

Resolved! Dual ISP mapped to two different VR route, ISP Failover is not working

Hi team,

Will ISP failover work, if 2 ISPs are mapped to two different VR routes? If no please say the workaround apart from changing the VR route to single.

Thanks and regards,

Akash Thangavel

Network Security Engineer

Unable to add DHCP option 132

Unable to add DHCP option 132 with a value of 41in DHCP server configuration. It is not accepting the value 0x29. Please find attached the screen capture of the configuration.

TIA

Dhiviya

Resolved! NEW PA3410 Run PanOS 10.2 or 11.0.2 traffic slow

Web browsing has become very slow since we built the new PA3410
does anyone have the same problem?

PA500 not being powered on for years refuses to boot...

Hi,

The other day I powered up our #PA500 which has been stoiwed away for some years. I was able to do a factory reset by using CLI via the serial port

However unortunately it refuses to boot correctly, yelling about not being able to start or a

...

Error upgrade to 11.0.2

I'm in the process of updating my firewall but I get this error when I upgrade to 11.0.2

QOS not working well

I have limited the total download bandwidth of an intranet host to 60M on the firewall, but the actual bandwidth exceeds 60M. Why is this? Is PA QOS not doing well enough?

Resolved! HA1 and ha2 functions

Hello All,

Can we use dedicated HA2 port for redundancy or to handle HA1 port function in case HA1 goes down or vice versa.

Regards,

Vishal

Discussions

Resolved! Pn commit and push affect the local candidate configuration of the wall

Network monitor shows huge traffic spike, but can't find traffic details

SSH Proxy Bock Session with Unsupported Algorithm - What are the palo alto predefined unsupported SSH algorithm and version.

Different telemetry region in ha firewall

Certificate installation on device through remote system via REST API

Impact after Changing the key size setting clears the current certificate cache.

Resolved! How can I run a curl from PAN OS?

PA-1410 / PAN-OS 11 doesn't include many MS Root CA's

Resolved! Dual ISP mapped to two different VR route, ISP Failover is not working

Unable to add DHCP option 132

Resolved! NEW PA3410 Run PanOS 10.2 or 11.0.2 traffic slow

PA500 not being powered on for years refuses to boot...

Error upgrade to 11.0.2

QOS not working well

Resolved! HA1 and ha2 functions

CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface

BGP on 3220 series

User-ID Self-Signed Certificate expires in Agentless User-ID?

Threat Prevention License for PAN OS upgrade

[China] Can't get device certificate on PA440

Re: CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface

HA Configurations in Strata Cloud Manager (SCM) with NGFW.

Re: Captive Portal

Re: Security Policy for SSL & Web-Browsing only

Re: Upcoming November 18, 2024 Deadline for NGFW User-ID and Terminal Server (TS) Agent Certificate Expiration

Unlock your full community experience!

Resolved! Pn commit and push affect the local candidate configuration of the wall

Resolved! How can I run a curl from PAN OS?

Resolved! Dual ISP mapped to two different VR route, ISP Failover is not working

Resolved! NEW PA3410 Run PanOS 10.2 or 11.0.2 traffic slow

Resolved! HA1 and ha2 functions