Next-Generation Firewall Discussions

Can we configure Server monitoring using OpenLDAP

Hi All,

Here i have an requirement to configure Server monitoring on Palo Alto firewall with an OpenLDAP server.

Iam a bit confused on choosing the type & transport protocol under server monitoring tab.

Is it possible to integrate the OpenLDAP

How to decrypt ESP IPSEC packet using wireshark

Sometimes you want to see how the tunnel mode encapsulation occurs, especially when using GRE over IPsec and VTI IPsec and you would like to decrypt the ESP or IPSEC packet to see how packet is encaspulated on both scenarios (GRE over IPsec and VTI I

Undestanding GRE over IPSec and VTI IPsec Encapsulation with Wireshark Packet Capture

IPSec VPN Tunnel Interface with IP Addresses

I read the following example of Site to Site VPN IPsec with static routing :

https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/site-to-site-vpn-quick-configs/site-to-site-vpn-with-static-routing

In the figure the example

SNMP OID fan and power supply

Hello team,

i have a PA3220 with PANOS 10.1.x and I would monitor FAN and power supply status via snmp.

What are the oids for monitoring these components?

Thanks for the support

BR

Incidents contain many alert types... but why?

Hello, everyone.  Our product suite now includes receiving alerts from the NGFW, in addition to XDR.  It seems, though, that a single incident may include several different alerts.  This seems like a strange behavior, because the list of alerts come

Shared IP in the WAN Side with HA Active/Active and ARP Load Sharing

Can we confgure the Shared IP in the WAN side in HA Active/Active?

Because I read in the PAN OS Admin guide two things:

Page 410: As illustrated in the floating IP address scenario, the firewall supports a shared IP address
for ARP load-sharing on

How to deal with Zones, Layer 3 and 4 header with NAT Policy and Security Policy

suspended firewall in HA pair became active after reboot ( preempt not configured on either active or backup firewall )

Suspended firewall in HA pair became active after reboot ( preempt not configured on either active or backup firewall ).

Does anyone have any thoughts i lost about 15 seconds to hosts behind the firewall.

firewall PA-460 & version 10.2.7

thanks

ACC not showing after upgrade from 9.1.10 to 10.2.7

I just upgraded our PA 3220 from 9.1.10 to 10.2.7 last night and noticed that there is no current data under the ACC tabs. How do I fix this? 

How to decode palo alto netflow app-id from hex value

Hi,
I am sending Palo alto netflow to a Linux server. While I capture NetFlow from the server and open it on Wireshark I cannot see appid in plain text format. I only see the hex code. I have attached some screenshot below here.

Is there any way to d

SCP import file without accept host key

Is it possible that we import file using "scp import" without accept the host key? 

In ubuntu(UNIX), we can add "-o UserKnownHostsFile=/dev/null" in connection string to avoid storing host key in local machine.

I understand that PA's NGFW CLI is no

'cfg.general.need-acknowledgement-to-login': NO_MATCH

I have deployed a new VM series PA FW, however whenever I am trying to login, it is giving 'cfg.general.need-acknowledgement-to-login': NO_MATCH

Any suggestions?

SSH\SFTP Proxy

Hello,

I'm currently managing an SFTP (SSH) server.

I'm attempting to implement file blocking using the NGFW.

I've configured a decryption profile that includes "SSH Proxy".

According to the traffic logs, the "decrypt" option appears to be activate