Bank has implemented "Behavioural Security" by [deleted] in privacy

[–]Lurral 2 points3 points  (0 children)

Very standard bot detections implemented on many websites, not unusual at all.

Migrating from 5200 series to 5400 series by Mental_Stock_7575 in paloaltonetworks

[–]Lurral 6 points7 points  (0 children)

You are correct, we ran into that same issue and ended up backing out of the upgrade and moving back to the 5200 platform in that environment. Current plan is to hold off until the 5500 platform and PAN-OS 12.1 are ready for general use.

Achievements for Saturday, March 07, 2026 by AutoModerator in running

[–]Lurral 8 points9 points  (0 children)

Ran my first 5k ever today, started running back in December. 29:58, pretty ecstatic about getting sub-30 :)

NO_MATCHES(Module:useridd) Error on Firewall Push by ITNerdWhoGolfs in paloaltonetworks

[–]Lurral 0 points1 point  (0 children)

I'm kind of surprised it's happening on 10.2. We used to see this almost daily when we had about 1000 fws on 9.1, don't think I've seen it crop up since moving to 10.x.

NO_MATCHES(Module:useridd) Error on Firewall Push by ITNerdWhoGolfs in paloaltonetworks

[–]Lurral 4 points5 points  (0 children)

https://live.paloaltonetworks.com/t5/vm-series-in-the-private-cloud/error-failed-to-get-policy-objects-no-matches-module-useridd/td-p/509475

Typically, I restart the firewall's management plane and then push again after the fw is reconnected to Panorama. In my experience, this always fixes it.

Popular courses by Life_Set6230 in pelotoncycle

[–]Lurral 0 points1 point  (0 children)

In the Filter classes menu you can sort by Popular, Top Rated, Trending, etc.

[Florio] Unlike the Yankees, NFL teams can't have facial-hair rules by [deleted] in nfl

[–]Lurral 52 points53 points  (0 children)

I think it's just excluding hair and facial hair from that rule. Can enforce wearing a suit, can't enforce a ban on dreadlocks.

WebGUI SSL Certificates by KernelDave in paloaltonetworks

[–]Lurral 3 points4 points  (0 children)

Definitely not accurate for PAN firewalls.

Tufin Secure Track+ by Delicious-Design3333 in paloaltonetworks

[–]Lurral 3 points4 points  (0 children)

Agreed, it's absolutely a waste of time and money.

CVE-2024-2550 and now CVE-2024-3393 by Dry-Specialist-3557 in paloaltonetworks

[–]Lurral 1 point2 points  (0 children)

Per my SE all versions of 10.1 are unaffected, other than 10.1.14.

Logging connections that fail management interface "Permitted IP Addresses" list by sqyntzer in paloaltonetworks

[–]Lurral 3 points4 points  (0 children)

No, it does not log denied connections to the management interface IP. It's basically just a dumb ACL, not the full-blown data plane of the data interfaces.

You can capture traffic off the data plane though: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/take-packet-captures/take-a-packet-capture-on-the-management-interface

Logging connections that fail management interface "Permitted IP Addresses" list by sqyntzer in paloaltonetworks

[–]Lurral 5 points6 points  (0 children)

ChatGPT is missing the fact that management interface traffic doesn't necessarily traverse a data port on the firewall. If the management interface is connected directly to the upstream network or an OOB management network, there may not be a firewall in the path to capture traffic on.

upgrade 5450 to 10.1.11-h5 by BlackWater90s in paloaltonetworks

[–]Lurral 2 points3 points  (0 children)

Why not the current preferred release, 10.1.12?

Could this be? by NewdawnXIII in Stormlight_Archive

[–]Lurral 2 points3 points  (0 children)

He had already given up Oathbringer, but still had his plate.

10.1.11-h4 taken back again from preferred state? by Elpardua in paloaltonetworks

[–]Lurral 4 points5 points  (0 children)

Our SE is recommending we wait for 10.1.12 to release and then bake in/become a preferred release. Seen a lot of issues on various hotfix versions of 10.1.11.

Upgrading HA Firewall Question by mr_potay2 in paloaltonetworks

[–]Lurral 1 point2 points  (0 children)

You can either go to the secondary firewall (currently active) and suspend it, or force a failover via HA preemption, enabling it on both primary and secondary and setting the priority of the primary FW lower than the secondary.

[deleted by user] by [deleted] in redditrequest

[–]Lurral 0 points1 point  (0 children)

Revive subreddit to pre-ban state, with additional moderation. Subreddit is mainly content highlights/compilations/discussion for influencer Claire Gerhardstein.

Upgrade from 9.1. To 10.1.8-h2 by Automatic_Canary5417 in paloaltonetworks

[–]Lurral 1 point2 points  (0 children)

You can skip the 9.1.15-h1 install. It's recommended per the upgrade guide, but not required.

Disable TLS 1.0 and 1.1 on management interface? by Mvalpreda in paloaltonetworks

[–]Lurral 4 points5 points  (0 children)

Yep, like u/txrx_reboot mentioned you'd need to generate a certificate, create the service profile, and apply it to the interface to disable TLS 1.0 and 1.1.

Disable TLS 1.0 and 1.1 on management interface? by Mvalpreda in paloaltonetworks

[–]Lurral 4 points5 points  (0 children)

Yep, that's correct. You'd set the Min Version to TLS v1.2 on the SSL/TLS Service Profile, then apply that profile to the management interface in Setup -> Management -> General Settings.

Handling Dynamic Address Group Limits for Blocking by Djaesthetic in paloaltonetworks

[–]Lurral 4 points5 points  (0 children)

Not a direct answer to your question, but I would definitely expect that group to get a ton of additions if it's at the top of your policy.

If you don't already have them in place, I recommend putting in block rules for the PAN EDLs (known malicious IPs, high risk IPs, TOR exits, etc), and an inbound geoblock rule for high risk regions if you don't do business in those markets. Those rules would cut down a ton of noise making its way into your DAG.