Is there a way to allow LDAP StartTLS While blocking normal unencrypted LDAP?

Is there a way to allow LDAP StartTLS While blocking normal unencrypted LDAP?

Custom URL category matching

Hello,

I'm trying to block a domain but allowing specific URL.

like:

test.com/ - block

test.com/test - allow

I made two custom categories and rules, first rule for allowing "test.com/test" and second rule for blocking "test.com"

The connection is h

10.1.11-h1 broken on PA-410

Just lost 2 devices far away from home, seems to be the same bug described in https://www.reddit.com/r/paloaltonetworks/comments/17rjzfm/pa410_10111h1_no_ethernet/

440s and 3220s running fine with 10.1.11-h1. Is there no one at Palo testing their H

Create csv file for fqdn ip resolutions

Hi All

I'm busy trying to extra IP's from my fqdn addresses.
Wondering if i could get some guidance.
I've done the set address

What i'd like to get out of this is resolution IP's for this fqdn.
As i don'

Missing Port-Channels and Subinterfaces in ASA Migration

I am currently working on a project involving the migration of an ASA firewall. However, I have encountered an issue during the import process. After importing the configuration file, I have noticed that the port-channels and subinterfaces from the s

Info about the vulnerabilities and the possible remediations for them.

Dear All,

I hope you could help me with the query I could not find answer.

The customer is asking for the remediation of the detected vulnerabilities, which I've already researched and found some info about that I've grouped below:

Client Side Testi

updating ntp server from old to new IP Addresses

Hello Experts,

can you please help me with the query below?

We have 2 Palo Alto NGFW in high availability and currently it is being managed via panorama. recently my organization has decided to decommission old ntp servers due to some issues. The

LDAP Authentication Profile for non-local users

Hi Team,

I am trying to use LDAP as an Authentication Profile for non-local users.
I am aware of guide on "Device > Authentication Settings > Authentication Profile" that states "Only RADIUS, TACACS+ and SAML methods are supported".

Nevertheless, I have

Replacement for 3200 Series FW

Hi Everyone,

Can someone guide on the new replacement series of 3200 as it has come to end of sale.

Regards,

User-ID implementation and the impact on network

We are planning to run user IDs on our PA-5200 series firewalls.
I see the factors determined in https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpICAS that we have to take in account but do not see any definitive answers.

W

Palo Alto Cluster Upgrade

Hi All,

Our current setup is We have Active/Passive on main dc and standalone fw on DR site. Configured as Cluster.

It is identified that the DR site is affected by a certain CVE, and it is recommended for upgrade. But we also wish to upgrade the