About slick

I'm searching for the admin guide, but am not finding anything except this:  Security policies determine whether to block or allow a session based on traffic attributes, such as the source and destination security zone, the source and destination IP address, and the service. Custom security policies are supported with fully automated RFCs. CTs to create or delete security policy can be found under Management | Managed Firewall | Outbound (Palo Alto) category, and the CT to edit an existing security policy can be found under Deployment | Managed Firewall | Outbound (Palo Alto) category. You'll be able to create new security policies, modify security policies, or delete security policies.     Located here. I didn't immediately see anything about custom objects, but that would be a glaring omission, IMO ... View more

I don't know if this is your exact issue, but it seems as if we are tracking something internally. PAN-194219, the software packet buffers are depleting erroneously during HTTP/2 inspection only post 9.1.14 upgrade, and subsequently not decrypting.     I am now following the issue and will post updates / workarounds.  ... View more

When you click commit, there should be an option to commit all changes or admin-specific changes. Try admin-specific first.  ... View more

On chrome you can type 'thisisunsafe' and it will bypass. FYI ... View more

In either case, you can reach out to your account SE and they are able to open a support case on your behalf if need be.  ... View more

You should follow this. Instead of a single user, it would be a single IP/source address. 10Mb instead of 1000, and source zone is internet.  ... View more

Use the uninstall package that came with each agent (or rather, push the uninstall software with sccm), and the password set for the workspace will be required to complete the process. ... View more

You have the ability to create custom categories (EDLs, static lists, etc) ... View more

Firewalls are positive enforcement, meaning they will only do explicitly what you tell them to.   If you don't have a rule to decrypt telegram, it won't happen.    If telegram is being picked up as a different app, you can create or modify existing App-IDs to get granular enough to exclude/include.   If you are a user on a corporate network that IS decrypting telegram, this isn't the place to talk about offensive sec and product bypassing 🙂 ... View more

Just found a tool to get ICAP on a squid server integrated with Palo Alto here. ... View more

What OS are you running? 10.0+ gives a decryption failure pane in the ACC tab.  ... View more

I cannot check your usage hours nor waive billing from AWS. They charge you for using their resources.    I am able to help you with firewall issues, like the login.  ... View more

We are currently tracking an issue with this. Content update 8559 is causing outages, as geo-ip data is showing incorrect mappings. TAC is currently working on an advisory to customers, but, there are microsoft services and opendns resolvers in the problematic subnets:  13.107.202.0-13.107.255.255 52.127.91.0-52.127.93.255 146.75.32.0-146.75.47.255 168.63.129.16 - 168.63.129.31 142.250.176.0 - 142.250.183.255 208.67.220.0 - 208.67.220.255 Please follow these instructions to revert below 8559 and see if that fixes your issue.  ... View more

We don't have access to your support case. Can you perhaps describe your configuration, and what expected behavior isn't occurring? ... View more