Dynamic IP at Spoke site in PAN-OS SD-WAN Hub/Spoke topology

Hi

I am new to PAN-OS SD-WAN and need to clarify Internet service requirement at new spoke site.

My client has PAN-OS SD-WAN hub-and-spoke topology, the hub PA firewall has a static public IP for its internet service.

All spoke PA firewalls also use st

Bootstrap 4.3 reaching EOS

Hello community,

we have been informed that Bootstrap 4 is reaching EOS and this could cause a vulnerability, and I would like to know if there is any information about which firmware version uses this ?

Is it a real potential threat?

Thanks in a

Concerns of Firewall 5250 dropping packets and enabled DSRI (Disable Server Respponse Inspection) relieve issues for a few hours but came back

Good evening,

  Working with one of the top Microsoft engineers today who performed numerous wireshark traces regarding huge concerns that Palo Alto Firewall 5250 firewall was dropping packets.  Identified exact time and sequence as well as size of p

In PAN version 9, public IP addresses and the VPN were accessible from the Intranet.

Hello everyone,

I have a question: In PAN version 9.0, public IP addresses and the VPN were accessible from the Intranet. However, now that it has been updated to versions 10 and 11, access is no longer possible.

Why did this happen, or is there anyt

Consequences of replacing CBC encryption with GCM on IPSec and IKE profiles

I am looking to replace all existing CBC encryption with GCM within IPSec/ IKE crypto but need to be certain that functionality will remain.

What if any impact would this have on the existing profiles if changed?

Unfortunately could not find a de

Limit IP address range bandwidth during recurring time period

Need to limit residence hall users bandwidth to Internet monday-friday 8:00 a.m. to 5:00 p.m.

The following is how it was done previously on Cisco ASA. Need to translate to PA5430.

object-group network MV_NETWORK
network-object 192.168.0.0 255.255.0

Is there any way to bulk select dynamic group matches - when i filter i need to select over 21 different matches do i really need to select each one?

What is Certificate Pinning and how to deal with SSL Decryption

Certificate pinning was developped to help prevent man in the middle attack.

But what is the Certificate Pinning?

Traditionally, SSL Handshake consists on the validation of the server’s certificate, let’s say collab.com. The validation is done us

VPN Performance over Prisma Access : slow downloads

Hi,

Can somebody tell met what you can expect from downloading a file over prisma access backbone.

Our datacenter is connected to service connection and when I try to download a 200 Mbps file from the datacenter to a remote network located in the s

LACP LINK DOWN FW PALO ALTO

Hi,

I have a customer who's firewall unexpectantly failed over recently, looking at the logs before failover LACP links appeared to fail negotiation right before which triggers failover. Unfortunately HA logs don't stretch back enough!

Looking at

end of life and support of Pa-410 device

end of life and support of Pa-410 device

Traffic hits policy with URL Category even though the traffic is not for that URL

We have several policies that permit traffic to 80/443 with no specific destination address, but with a URL category set for a specific URL.  For example, we have a post-rule for VPN users to access our internal Splunk server via the URL.

The issue