Next-Generation Firewall Discussions

Windows User-ID Agent Disconnect After Failover

Hi All,

I have a customer who had an issue with the WMI using agentless User-ID due to Microsoft security update.

We decided to move to Windows User-ID Agent installed on a domain member Windows Server 2016.

PAN OS 10.2.2 and installed agent version

...

Palo Alto and Forescout

Hi,

I have both Paloalto firewall and Forescout in our organization. This is my current setup.

1.) Forescout handling the grouping for our wireless devices (BYOD).

2.) Paloalto policy is incorporated through user mapping (Active Directory)

4.) I al

...

Resolved! what is the Latest app and threat version after 8671-7826?

I would like to know what is the latest app and threat version after 8671-7826.

When I do dynamic updates , It doesn't show any new version after 8671-7826.

It seems Palo alto didn't release any new version last week.

Could you help me make s

...

Resolved! URL Filtering Error

Hi All,

We are getting an error as "Hmmm... can't reach this page" site's server ip could not found.

And other page is also getting the same error.

Is this a known error? I can see the logs with the IP resolved so i dont think this should be DNS issu

...

bundle gre tunnels and distribute internet traffic across them

Has anyone had a location with more than 1Gbps internet link and also have Zscaler? The limitation to Zscaler is 1Gbps gre tunnel. We have a 10Gbps link and this doesn't work. We have to create 5 nats across 2 routers behind a firewall to build 10 GR

...

Integration of Palo Alto Firewall with Cortex XDR

Hello All,

I need to integrate Palo Alto Firewall with Cortex XDR to get better insights of threats on Cortex console. Please help me with the documentation and what are the license requirement.

Cortex XDR

Thank you.

Regards,

Ninad Ghadigaokar

Resolved! Palo Alto in Virtual wire vs TAP mode.

Hello,
Just wanted to confirm my understanding on the different modes of deployment in PA.
Virtual Wire is an INLINE mode ( similar like IPS) and TAP mode is a passive monitoring mode.
So does that mean if I find an unlocked rack somewhere and I were

...

Outlook web excessive bandwidth usage

Hello,

We recently noticed starting last few weeks that application (outlook-web-online) had a massive data being sent and saturating our internet link.

This looks to be across the network as we can identify multiple users with same application t

...

Resolved! Firewall whitelist

If I add whitelist for firewall, will IPS not defend against the IP or URL in the firewall whitelist?

The customer accesses a Website, HTTPS 443, and the traffic log finds that the application is identified as QUIC, not SSL

Have you encountered this phenomenon and how should you solve it?

OID for network bandwidth usage in kbps

Hello,

Would you please provide us with the OID for the network bandwidth usage in kbps for specific interface using SNMP v3 in below Firewall:

Firewall Type: Palo Alto
Firewall Model: PA-440

Thank You,

Nassim

User insertion fail with keep alive header enable

Hi team,

I have inbound ssl decryption enabled with User Insertion feature enabled too. It is working fine, however when I make a POST request from Postman Application with header "Connection" and value "keep alive" is present the user insertion fa

...

Site to Site RSA_verify failed , error rsa routines (PaloAlto to checkpoint SMB)

trying to establish S2S VPN between Palo Alto 850 and Checkpoint SMB

Certificate based authentication (MS enterprise CA)

The ikev2 is complaining :

====> Initiated SA: XXX.XXX.XXX.XXX[500]-YYY.YYY.YYY.YYY[500] SPI:dcb4c37f6f955782:0898ce67edab9913

...

Policy Based VPN

All,
We are migrating Policy based VPN's from Juniper Netscreen to Palo-Alto firewall. Please let us is Policy based VPN will be supported in palo-Alto , if not how we need migrate the Policies of Policy based VPN.

Whatsapp File transfer Block

i work as a security specialist engineer at a moderate
enterprise.
recently my superiors have asked me to block whatsapp file transfer only(meaning chat would still work).
however i've tried anything using our Fw's but to no avail.

from what i have rea

...

Discussions

Windows User-ID Agent Disconnect After Failover

Palo Alto and Forescout

Resolved! what is the Latest app and threat version after 8671-7826?

Resolved! URL Filtering Error

bundle gre tunnels and distribute internet traffic across them

Integration of Palo Alto Firewall with Cortex XDR

Resolved! Palo Alto in Virtual wire vs TAP mode.

Outlook web excessive bandwidth usage

Resolved! Firewall whitelist

The customer accesses a Website, HTTPS 443, and the traffic log finds that the application is identified as QUIC, not SSL

OID for network bandwidth usage in kbps

User insertion fail with keep alive header enable

Site to Site RSA_verify failed , error rsa routines (PaloAlto to checkpoint SMB)

Policy Based VPN

Whatsapp File transfer Block

Red/Green "LED"s in GUI are useless to screen reader software. Please Add ALT TEXT!!!

Permitted IP address for management interface could not access HTTPS but PING /SSH working

HA-Pair losing management capability after upgrading to 11.1.5.

How download a base image for Pan-OS 820

CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface

Re: CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface

HA Configurations in Strata Cloud Manager (SCM) with NGFW.

Re: Permitted IP address for management interface could not access HTTPS but PING /SSH working

Re: How to calculate max concurrent session and new session persecond in firewall

11.1.4h7 and 11.1.5 h1 high cpu

Unlock your full community experience!

Resolved! what is the Latest app and threat version after 8671-7826?

Resolved! URL Filtering Error

Resolved! Palo Alto in Virtual wire vs TAP mode.

Resolved! Firewall whitelist