PA-3200 Series & PA-3440 QSFP port Difference

Hello.There are 4 QSFP+ ports of 3200 Series.There are two QSFP+ ports of PA-3440.QSFP port decreased as new series came out, and I wonder why.If you know, please reply.Thank you.

restoring an NGFW from factory default

Good day to Palo Alto LIVE Community, What are the steps / procedures for "resurrecting" a dead Palo Alto firewall? We have a previously-working Palo Alto firewall that eventually needed to be set to factory default settings. (since its console port was still working) I'm guessing that, after factory default settings, I will need to try do...

PA-220 OID Power and FAN

Hello team, i have a PA-220 with PANOS 10.1.x and I would monitor FAN and power supply status via snmp. What are the oids for monitoring these components? Thanks for the support BR

Video Traffic between cameras and server

Dears I have a huge campus of university with multiple building ( 20 to 30 small and big) we have cameras every where in the campus and also user traffic is on the same access switch , i m introducing a campus firewall so that the user traffic between the vlan will pass by firewall currently the CCTV server is not behiind the firewall and it ...

PA-3000 series and PA-5000 series Content updates consume 100 % Pan/cfg.

Before Content update. Wed Jan 10 07:06:05 SGT 2024Filesystem Size Used Avail Use% Mounted on/dev/md2 3.8G 3.4G 270M 93% //dev/md5 7.6G 6.0G 1.2G 84% /opt/pancfg/dev/md6 3.8G 1.7G 2.0G 47% /opt/panrepotmpfs 2.0G 210M 1.8G 11% /dev/shmcgroup_root 2.0G 0 2.0G 0% /cgroup/dev/md8 198G 153G 36G 82% /opt/panlogswhile upgrading. Wed Jan 10 07:06:26 SGT...

Lab initial procedure for PA VM 8.0

Hello Team, First of all am a noob on the paloalto and I'm diving into the Palo Alto Firewall world after spending a year on the Cisco L2 side. Just set up a lab mirroring the site design for a new organization, and it's my first go at Palo Alto. For the real deal, I'll be handling a PA-850. Feeling pretty good about Nexus and endpoints, but c...

SSL Decryption, Spoofed Certificate and Originale Certificate comparison and the removed extensions fields that can break TLS Connection

SSL Decryption for Outbound Traffic and the Block Private Key Export option

The firewall uses a certificate with the role of CA Certificate of Authority to perform SSL Decryption for outbound traffic. There are three methods to generate this certificate. Method 1 : You can use a self-signed certificate. The firewall will generate a Certificate with the Public / Private keys automatically without involving an extern...

Understand the "Block Private Key Export" option with three scenarios

The firewall uses a certificate with the role of CA Certificate of Authority to perform SSL Decryption for outbound traffic. There are three methods to generate this certificate. Method 1 : You can use a self-signed certificate. The firewall will generate a Certificate with the Public / Private keys automatically without involving an extern...

"The Block Private Key Export" option - Strange Behavior

I read the following explanation about the "The Block Private Key Export" option : You can permanently block the export of private keys for certificates when you generate them in or import them into PAN-OS or Panorama. I tested this option for the certificate generated by an external CA as shown below: I submitted the CSR to the CA serve...

Preempt behaviour in HA

Hi all, As per palo alto documentation if we enable preempt in HA then primary palo alto will reclaim its active position if it comes back. Does this reclaim works on complete device failure or for any monitoring link/path failure also.

BGP route is not present on the other region

This is the representation of the connectivity of my setup. Inside each region have Palo Alto firewall and Silverpeak appliance. On each region, between Palo Alto and Silverpeak there is ibgp that been configured. AS number is the same. On the firewall itself, each AS number is different. Currently from China, it only have the route to Sing...