Next-Generation Firewall Discussions

intrazone default

Hello,

I am observing that tcp connection between two hosts remaining in the same zone are not able to establish TCP connections [htts], while ICMP is successful. Tracing the traffic it shows up as application incomplete, rule intrazone default is hi

Multiple L2 interface with same vlan tags

Hello All

We are migrating our fortigate firewall to palo alto. Fortigate is configured in transparent mode

Currently we have 2 networks and both network have same vlan ID and subnet range.

We plan to configure L2 interface on Palo alto then add

Network monitor shows huge traffic spike, but can't find traffic details

Hey folks.

I had a situation today whereby one of my PA's was responding really slowly across IPSec tunnels and for Global protect clients - so once I could get onto it I started digging into the network monitor to see if I could find out if there

SSH Proxy Bock Session with Unsupported Algorithm - What are the palo alto predefined unsupported SSH algorithm and version.

Palo Alto SSH Proxy blocks ssh traffic with error message unsupported Parameters. This is because of the SSH Proxy profile. However where can I find the parameter used for this communication and what is the recommended / supported parameters/algorith

Different telemetry region in ha firewall

Firewall A

Previously Default  Device Telemetry region is America 

After sudden commit fails due to error : 'Americas' does not match lcaas region 'in' 

So i changed the telemetry to india which is present in the drop down.

Now ,

In firewall B vice v

Certificate installation on device through remote system via REST API

Folks,

As we can see on palo public API docs , Seems it does not have REST API support for certificate management.

Is anyone tried or used REST API calls for certificate management ? 

#certificate #REST-API

Impact after Changing the key size setting clears the current certificate cache.

Due to VA Scanner scan my firewall having vulnerabilities of SSL Certificate Chain Contains RSA Keys Less Than 2048 bits .

So I plan to follow below KB to change the key size.

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-man

PA-1410 / PAN-OS 11 doesn't include many MS Root CA's

We do TLS decryption, and cutover a site to new PA-1410's running 11.0.2.  While testing MS updates on endpoints, we were getting notifications that the client couldn't contact the update server.  Looking in the decryption log, none of the calls to t

Unable to add DHCP option 132

Unable to add DHCP option 132 with a value of 41in DHCP server configuration. It is not accepting the value 0x29. Please find attached the screen capture of the configuration.

TIA

Dhiviya

PA500 not being powered on for years refuses to boot...