Azure SAML authentication: validate identity provider certificate. (best pratices)

Hi,

We have configured SAML on our portal and gateway.  By default Microsoft generates a self signed certificate that is valid for 3 years for every Enterprise application you create.

Is this secure enough to use the default self signed one and not v

Cisco ASA to Palo Alto migration issue

Hi

i'm working on a new projet where will change the current Cisco ASA firewall by an Palo alto network 440 so we are using Expeditio tool to move the configuration

on the existing configuration, our customer use policy based routing to route tra

firewall capture feature packet size Exceed interface default mtu

Customer firewall 3220, version: 10.2.4

Firewall interface mut defaults to ：1500. Jumpo function not enabled。

Question 1: When a firewall receives a TCP packet with a load of 1800 bytes (the df bit of the packet is not set),

I understand that the fir

someone recommend a way to create a VPN pre-login in Linux

Hello. Can someone recommend a way to create a VPN pre-login in Linux Ubuntu or Fedora? Thank you.

How Palo Alto NGFW Prevent Unknow CVEs?

Dear Team,

I hope all of you are doing well.

I have one question. How can PA prevent an unknown CVE on NGFW?

Why I brought up this question is because I saw that from one vendor to another, they have different CVE numbers and IDs.

I was wondering

Advanced Wildfire Allowing High Severity Verdicts but blocking Informational

Hi

I have Advanced Wildfire in our Lab env and have noticed something very odd, when the firewall is submitting any files to Wildfire if they are returning "informational" they are blocked, if they are returning Malicious and "High" the action is a

Bytes sent by Firewall is too high and it looks like a wrong display only?

Hi  everyone!

Greetings to all. I was just curious since I've been seeing traffic logs packets which are Gb's and Tb's in size. I am not sure if this is a wrong display but I am pretty sure there was no such traffic in my network.

I am currently ru

PA 850 10G SFP Ports to Cisco 3650 1G SFP Port Cross Connect Will Work

Hi All

I have PA850 with 10G SFP ports and cisco 3650 switch with 1G SFP ports. I want to cross connect will it work ? If yes can i buy 2 1G SFP module for switch and 2 10G SFP module for firewall and use ?

i can‘t commit after upgrading to 11.0.2 version

hi, i can't commit after upgrading 11.0.2 version from 10.2.X, 

For testing purposes, I changed any of the small options and did not make any other changes, but I cannot commit them。

tip:

   Details Partial changes to commit:

changes to configuration

Plao interfaces are down in Vmware work station

Hi 

I have installed Plao in VMware workstation and I can access the device From GUI and CLI but only through the management interface.
Other interfaces are showing down, how to fix this?

Can Palo notice and react to a flapping Internet link?

Hi All,

We have simple setup, when firewall is connected over physical interface to a L2 switch, while L2 switch is connected to 2 CPEs of different ISPs. Obviously, next hop for our firewall going out is an interface of the CPE. We are tracking de

installing minemeld Ubuntu 20.4

Cant seem to get this to work using these links:

https://github.com/PaloAltoNetworks/minemeld-ansible

https://github.com/PaloAltoNetworks/minemeld?tab=readme-ov-file

Anyone been successful getting this installed on Ubuntu 20.4?