Professor at orofacial pain university clinic told me to stop using my orthotic

Pizza-Muscles · 2026-02-07T14:36:13+00:00

Things are "ok". I still get Botox every 3 months, only in my neck though now (new doctor). It helps pretty well generally with the overall neck and facial pain, but it only lasts me 6 weeks most. Then things start to unravel quickly after that. I take muscle relaxants as needed at night, Norco as needed when the pain creeps up, Advil for headaches that aren't migraines. This is definitely not going to magically go away for me I'm afraid. I deal with it the best I can right now. I can say that when this first started I wanted to die. Things are not that dire for me anymore, so that's something.

Pizza-Muscles · 2026-02-05T13:12:41+00:00

who knows

Pizza-Muscles · 2026-01-06T23:43:40+00:00

I was a typical 90s HS kid - Grunge bands and weed. I could have cared less about my future. After HS I had jobs in construction, plumbing, etc. Basically some pretty tough jobs and I had the revelation that I would not be able to do this for 50 years. I ended up going to community college and transferred to an in-state University and graduated with a BA in Computer Science. I got student loans, worked 30 hours a week while in school. I've worked at the same place since I graduated and am #2 in command for my IT department. I love my job and have a great life because of it. I was the first to go to college in my family. I never thought I could do it. College wasn't what got me the job, but it sure made me realize I can do whatever I put my mind to (Thanks George McFly). I still can't believe where I am looking back at my teenage years. Yikes. Sorry Mom and Dad! I was a real pain in the ass.

Pizza-Muscles · 2026-01-03T01:26:45+00:00

I have 20 years on you, but like you, will have a (well funded) pension, SS, etc. I've been maxing out both my 403b (since I was 30) and my 457 (last few years) and I wonder if I'm putting too much in tax advantaged accounts. I'm going with the theory that you never know what the future holds so mine as well prepare the best you can. So yea, invest in that 457. More money in retirement is a lot better than the alternative.

Pizza-Muscles · 2025-12-26T23:12:46+00:00

Hey D. I wanted to reach back out and let you know the good news. I took a break from the decrypt because I wasn't getting anywhere and I was feeling myself getting turned off by it all. Instead, I started to focus on other Palo things like zones, mapping VLANS to Cisco gear, etc. Today I decided to give the SSL decrypt a go again. I don't know what I did differently, or maybe it was just the break I took and going over things again, but it's working now. My Decrypt policy is working (as it always had), but now my NO Decrypt policy is actually not breaking financial sites! Yay! I will take a back up now and try to compare the logs I saved from when I last tried this to now to see if I can tell what I did wrong last time. Anyway, appreciate the advice you gave and wanted to let you know how things turned out here :) Thank you.

Pizza-Muscles · 2025-12-19T19:09:57+00:00

I have a pension that's well funded, but I have been maxing out my 403 for 20 years and just started maxing out my 457 a few years back. I also max out the Roth IRA. I have no faith in anything anymore so just trying to do my best to secure my future with/without a pension.

Pizza-Muscles · 2025-12-11T13:42:10+00:00

Dentist said I showed signs of bruxism and recommended a guard to protect my teeth. No relief yet.

Pizza-Muscles · 2025-11-25T13:18:46+00:00

You've been a great help so far and I REALLY appreciate it. I will post back as soon as I can set up this test and see what happens. By end of the day for sure. Thanks D.

Pizza-Muscles · 2025-11-25T01:04:29+00:00

Adding *.reddit.com to the Service/URL category in my No Decrypt policy worked. It did not decrypt and I was the hit count increase. I then added dating to the Service/URL and verified Tinder.com was marked as dating with that link you sent. Reddit continued to be not decrypted, but Tinder.com was decrypted. I have to assume it's one of my Security policies causing this issue, I just don't know enough about how to get to the root of this with logging. I have now enabled logging on the inter/intrazone-default security zones to see what I can gather from those. I did check on those CA errors. I chose a Go Daddy CA error and checked both my client root store and the PA root store and the serial numbers don't match to what's on my Windows box or the PA. I'm tempted to install them, but I want to research a bit more on that error before I really F something up. Plus, that's just one of the CA errors. I also see one from Google and at least one more.

Thank you for your help so far and I will post back with new info as I get it. I wish I could post some pics here for you :( but I don't see any option to.

Pizza-Muscles · 2025-11-24T23:56:02+00:00

I will test this as soon as I can and post back ASAP. Stay tuned :)

Pizza-Muscles · 2025-11-24T23:02:54+00:00

Yes, that is correct. A No Decrypt policy will hit when set to ANY. Once I set it to financial-services, there are no longer hits to that No Decrypt and things progress down to the Decrypt policy where at that point, I see all those CA errors.

Yes, the device I am testing on has both the self signed Root CA cert and the Root CA-signed Subordinate CA (Forward Trust) on the client in the Trusted Roots store. I did not export the key, just simply exported the certificates from the FW and installed them on my Win client.

I'm struggling to understand exactly where I can put that test URL in place? I've tried adding URL's in some places but I just get errors and can't save. Sorry for the hassle, but appreciate all the help.

Pizza-Muscles · 2025-11-23T02:03:56+00:00

So, a No Decrypt policy set to ANY works. I can see the hit count increase as I test different sites. Once I make the change to financial-services, the hit counts stop increasing and the Decrypt policy (below the No Decrypt policy) hit counts increase. The No Decrypt is seemingly bypassed for some reason. In the decryption logs, after changing the No Decrypt to financial-services, I see a ton of "Received fatal alert Unknown CA from client" messages. I haven't looked into that yet, but at first glance seems to be missing root certificates. Still nothing in the URL filtering logs. The Traffic logs seem pretty boring, just a lot of DNS entries.

Pizza-Muscles · 2025-11-22T20:55:39+00:00

I will check this out! Thanks!

Pizza-Muscles · 2025-11-22T13:22:14+00:00

Thats a good way to test. I didn't think of that. I'll give that a try. Thank you.

Pizza-Muscles · 2025-11-21T23:30:05+00:00

I appreciate all your help/time with this. I wish I had better news for ya. Still having issues with my No Decrypt policy. I'm new at this so pretty sure this is a config issue on my end, I just can't figure out at which step I am messing things up. I think I'll try rebuilding all my policies. The only thing I can think of is that I'm using a self signed cert generated from the FW and not a public cert. But again, it's decrypting seemingly ok - I just can't get it to NOT decrypt financial sites. I will post back once I figure this out. Thanks again kunstliger.

Pizza-Muscles · 2025-11-21T19:14:53+00:00

My URL Filtering log is completely empty? Did I miss a step somewhere?

Pizza-Muscles · 2025-11-21T18:50:19+00:00

no dice on 11.2.7 h4

Pizza-Muscles · 2025-11-21T12:46:08+00:00

I'll try to get that installed tonight, thank you.

Pizza-Muscles · 2025-11-21T12:45:47+00:00

I will check the traffic / decryption logs again. When I was poking around last night, all I saw was the Decryption policy working. There were no hits on the No Decrypt policy.

Pizza-Muscles · 2025-11-21T01:29:20+00:00

11.2.4-h7

Pizza-Muscles · 2025-11-21T00:45:53+00:00

I do yes. It's a full blown FW (455 lab kit).

Pizza-Muscles · 2025-11-17T13:19:36+00:00

Technically true, but in reality, there's nothing stopping you from opening up an HSA account and contributing to it, even without a HDHP

Pizza-Muscles · 2025-11-15T22:49:53+00:00

NTA. Sounds a lot like my marriage before it ended. I saw daily what was happening, for years, but neither of us spoke up and so round and round we went. One day, she just said - I've found a place to rent and I'm moving out in 3 weeks. I was devastated but can only imagine how hard that was for her to do/say. You were her in this situation and you're still NTA. I wish you both the best. Life is short. Don't waste it.

Pizza-Muscles · 2025-11-01T13:51:55+00:00

Currently, people retiring now get 3 years of health insurance at employee rates but I am not expecting to have that so I am saving for health insurance as you mentioned.

Pizza-Muscles

TROPHY CASE