Syncthing

Hello everyone, has anyone already developed a custom application for Syncthing(https://syncthing.net/)? I have two challenges. One of my customers uses SyncThing (for whatever reason) for business purposes and needs to ensure that it works reliably. Another customer, on the other hand, wants to prevent it from working and wants to explicitly st...

Lab initial procedure for PA VM 8.0

Hello Team, First of all am a noob on the paloalto and I'm diving into the Palo Alto Firewall world after spending a year on the Cisco L2 side. Just set up a lab mirroring the site design for a new organization, and it's my first go at Palo Alto. For the real deal, I'll be handling a PA-850. Feeling pretty good about Nexus and endpoints, but c...

SSL Decryption, Spoofed Certificate and Originale Certificate comparison and the removed extensions fields that can break TLS Connection

SSL Decryption for Outbound Traffic and the Block Private Key Export option

The firewall uses a certificate with the role of CA Certificate of Authority to perform SSL Decryption for outbound traffic. There are three methods to generate this certificate. Method 1 : You can use a self-signed certificate. The firewall will generate a Certificate with the Public / Private keys automatically without involving an extern...

IPSEC Tunnel monitor

We have Palo Alto 1410 and 460 model firewalls. These firewalls are connected via IPsec tunnel. I want to monitor the IPsec tunnel. I get a warning that there is no data to display in the Acc menu. What I want to see is how much data and resources Tunnel uses. What can I do?

Understand the "Block Private Key Export" option with three scenarios

The firewall uses a certificate with the role of CA Certificate of Authority to perform SSL Decryption for outbound traffic. There are three methods to generate this certificate. Method 1 : You can use a self-signed certificate. The firewall will generate a Certificate with the Public / Private keys automatically without involving an extern...

"The Block Private Key Export" option - Strange Behavior

I read the following explanation about the "The Block Private Key Export" option : You can permanently block the export of private keys for certificates when you generate them in or import them into PAN-OS or Panorama. I tested this option for the certificate generated by an external CA as shown below: I submitted the CSR to the CA serve...

Preempt behaviour in HA

Hi all, As per palo alto documentation if we enable preempt in HA then primary palo alto will reclaim its active position if it comes back. Does this reclaim works on complete device failure or for any monitoring link/path failure also.

What's mean minus value and rate in global counter?

What's mean minus value and rate in global counter?Does anyone know? Global counters: Elapsed time since last sampling: 6.617 seconds name value rate severity category aspect description pkt_pktlog_forwarding -42 -6 info packet resource Packets entered module pktlog stage forwarding pkt_module_internal -77 -11 info packet re...

BGP route is not present on the other region

This is the representation of the connectivity of my setup. Inside each region have Palo Alto firewall and Silverpeak appliance. On each region, between Palo Alto and Silverpeak there is ibgp that been configured. AS number is the same. On the firewall itself, each AS number is different. Currently from China, it only have the route to Sing...

Forcing/Redirecting IP addresses to use name

Hi All, happy new year. Is there a way to block or forcing/redirect incoming traffic to an ip address. I would like to block outside attempts from trying to access the network using the ip address instead of the hostname/url. Appreciate any suggestions and advice. Cheers Deena

DNS-Base traffic

Hello Fellow Members, Have been going through the ACC tab and noticed some rather abnormal traffic, have traffic that well beyond 800TB, and at times goes beyond 1000TB(1PB), is this normal given that fact I am looking at internal traffic (intrazone default) and looking at just the last 1 hour. Application causing all the traffic appears to ...

30 day trial license activation

Hello, i started my trial license yesterday and wondering if i can register it? When i go under software update, it says "The device is not found or not registered, please try after some time". When i try to create a support account it wants from me a serial number. I insert the number from dashboard and error appear "Invalid Azure Serial Num...