This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

About crypto

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
crypto
‎11-27-2022
since ‎10-01-2018
L2 Linker
User Activity
User Profile
Latest posts by crypto
View All
User Badges
Community Statistics
Member Since ‎10-01-2018 06:27 AM
Date Last Visited ‎11-27-2022 09:02 PM
Posts 18

Re: how o deploy two PA firewall in different AZ

by in VM-Series in the Public Cloud
‎11-27-2022 04:52 PM
‎11-27-2022 04:52 PM
Hi Jperry, It is possible now. ... View more

Phase 1 compromise impact to Phase 2

by in Next-Generation Firewall Discussions
‎11-27-2022 07:07 AM
‎11-27-2022 07:07 AM
Hi, I would like to know if IKEv2 phase ia compromise because of weak encryption in proposal,  malicious user  can access to all data sent across the VPN connection, which may include passwords and sensitive file ?   Or Malicious user only know phase 1 proposal and it cannot be impact phase 2 if we are suing strong encryption on phase 2 ?  ... View more

Re: How to upgrade PA on AWS and How much downtime do we need ?

by in VM-Series in the Public Cloud
‎05-17-2022 09:17 AM
‎05-17-2022 09:17 AM
After connecting the NICs to the Palo Alto, you must reboot. cupcake 2048 ... View more

Re: Paloalto Firewall and VPC peering

by in VM-Series in the Public Cloud
‎02-28-2022 09:39 AM
‎02-28-2022 09:39 AM
This would be true if you were only using AWS native constructs but introducing the Palo Alto FW in the "Transit" VPC would allow you to pass traffic/inspect traffic by sending traffic to a VPC subnet ENI resource to another subnet ENI resource. In effect, the Palo Alto FW becomes the "transit router" for the VPC. VPCs as AWS native constructs are non-transitory in nature but a FW can act as the bridge.   ... View more

Re: URL filtering and white list

by Cyber Elite in General Topics
‎09-15-2020 11:08 PM
‎09-15-2020 11:08 PM
Hi @crypto ,   That is correct, with SSL decryption firewall will have visibility over the full URL, which ensure more accurate categorization. If no SSL decryption is enabled FW will use certificate subject name or subject alternative name to identify the requested site and use this information for categorization.   One good example that saw somewhere in this forum a while ago is - take blogger.com which is categorized by PAN-DB as " Personal Sites and Blogs". If I create a blog there to discuss weapons, my blog should fall under "Weapons" category, but since your firewall doesn't have SSL decryption enabled it will only inspect the SSL certificate and will now that the user is trying to react blogger, which is save in general. But if you enable SSL decryption firewall will have access to the full URL and will know that not only user is trying to reach blogger.com, but which specific blog it is trying to reach it and apply more granular control.   Same goes for any other sites that is using wildcard certificate for the whole domain, but different subdomains are categorized differently.      To sum up - even if your don't use SSL decryption you will be able to block HTTPS. In general you probably will be fine without decryption, as you explain it correctly it will give you more visibility and you will have granular control over some edge cases URLs ... View more

Re: PA cannot get update and cannot get internet access

by in VM-Series in the Public Cloud
‎07-28-2020 10:40 PM
‎07-28-2020 10:40 PM
Hi, Now all are ok ready. i need to add service route for NTP and DNS.I also need to add access rule for NPT and DNS too. ... View more

Re: HA on AWS

by in VM-Series in the Public Cloud
‎07-09-2020 07:03 AM
1 Kudo
‎07-09-2020 07:03 AM
1 Kudo
If using the TGW, vpn to the TGW rather than to the firewalls and use the TGW routing mechanism to route through the firewalls before going to the spoke VPC.  If using a single VPC, vpn to a VGW attached to the VPC and use Ingress Routing to route through the firewalls.  If you VPN to the firewalls and they are not configured for HA, you either need to SNAT the traffic or use some additional scripting to update the VPC routing to avoid asymmetry.   I believe you could benefit from a white board session with one of our SEs.  Reach out to your local account team and they can assist with locking in a design that suites your environment. ... View more

Re: 802.1x wired authenicaton with MS CA and paloalto

by Cyber Elite in General Topics
‎10-02-2018 02:05 PM
‎10-02-2018 02:05 PM
Hello, Unfortunatly no. The PAN is not a RADIUS server nor a NAC device. As for enforcer, not sure what you mean by that since if the client fails 802.1x authentication, their traffic is blocked at the switch port and the traffic will never get to the PAN.    Hope that helps. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎11-27-2022 09:02 PM
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks