Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
About NetWright
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About NetWright
Online
5Posts
0Likes
0Solutions
Jun 18, 2021Last Visited
User
Activity
User
Profile
Latest posts by NetWright
| Subject | Views | Posted |
|---|---|---|
| 1333 | 03-09-2020 08:54 PM | |
| 1364 | 03-09-2020 06:01 PM | |
| 946 | 05-26-2017 12:50 PM | |
| 1006 | 03-01-2017 01:52 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 02-08-2017 09:23 AM |
| Date Last Visited | Friday |
| Posts | 5 |
03-09-2020
08:54 PM
Thanks. Ok, yeah I see the cert with that command ( show system setting ssl-decrypt certificate ). . Wondering if there's a way to validate when the cert is being used and that it's being used successfully. I know the Untrusted cert will be presented only when the PAN doesn't trust the sites CA but how to see this? I see the behavior from the client side using this site - https://untrusted-root.badssl.com/ Is there a way to see what cert is being presented for the client from the PAN side? show system setting ssl-decrypt certificate <<snip>> global untrusted ssl-decryption x509 certificate version 2 cert algorithm 4 valid 200310033320Z -- 210310033320Z cert pki 1 subject: SSL Decrypt Untrusted 2018 issuer: SSL Decrypt Untrusted 2018 serial number(4) 7b 89 e3 36 {..6 rsa key size 2048 bits siglen 256 bytes basic constraints extension CA 1
... View more
03-09-2020
06:01 PM
After Forward Trust certificate is renewed is there a way to validate the renewed certificate is working correctly from either GUI or CLI? Device > Certificate Management > Certificates > Forward UNTrust Certificate
... View more
05-26-2017
12:50 PM
Got the same reply in the notes of a case opened with PAN support. They must have been looking over your shoulder. Sent email to our SE and will follow up with same.
... View more
03-01-2017
01:52 PM
Wondering if there's a way to configure a threshold for OSPF LSA updates/messages? Or if such a threshold is already in place by default on Palo Alto firewalls. Something that can maybe drop anything more than say 7 LSA messages in 5 minutes. Apparently, there's a security threat related to a device getting DOS'd by an overwhelming flow of LSA messages and our security consultant wants us to configure a threshold to drop more than x number of LSA messages in a given period. I see there's an LSA interval like this: • LSA Interval (sec) —The option specifies the minimum time between transmissions of two instances of the same LSA (same router, same type, same LSA ID). This is equivalent to MinLSInterval in RFC 2328. Lower values can be used to reduce re-convergence times when topology changes occur. Yet that doesn't seem to address the issue of an overwhelming number of updates being sent maliciously. For comparison on the Cisco-side there's a concept of: "OSPF Link-State Database Overload Protection" which is configured with this command in the OSPF router process: max-lsa maximum-number [ threshold-percentage ] [ warning-only ] [ ignore-time minutes ] [ ignore-count count-number ] [ reset-time minutes ]
... View more
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
