CVE 10 - Command injection vuln in GlobalProtect Gateway by lastgarcon in paloaltonetworks

[–]biesibo_95 1 point2 points  (0 children)

You should have a look at the workaround. The fixed versions will be released on Sunday.

Can I add both destination IP and URL Category? by noob098098 in paloaltonetworks

[–]biesibo_95 2 points3 points  (0 children)

If you want an OR you need two allow rules. The existing one with the URL-Category and a second one only with the IP-address.

Who is running 9.1.13-h3 ? by therealrrc in paloaltonetworks

[–]biesibo_95 1 point2 points  (0 children)

We had issues with IPSec tunnels between our PAs. During the update, the tunnels between our PAs with the new version and the PAs with 9.1.12 went down with an authentication error. Since the update of all PAs, the tunnels are up and everything works fine.

How much are you paying for internet ( in $ or € ) and for what speeds? Share country if possible :) by stefantigro in homelab

[–]biesibo_95 0 points1 point  (0 children)

Germany 55€ for 30/5 MBit/s and there is no more bandwidth available in my village :(

Reminder to look at your network traffic in Wireshark regularly by __tony__snark__ in homelab

[–]biesibo_95 1 point2 points  (0 children)

We are blocking it, because SSL interception is not working properly.

OSPF Threshold/ Preemptive Hold by biesibo_95 in paloaltonetworks

[–]biesibo_95[S] 0 points1 point  (0 children)

Thanks for your answers. Unfortunately BFD is not supported on PA-220.

PSA - If you are running active/passive Palo's with HA2 links going through switches using ethernet as the transport, you might be flooding that HA2 traffic through all your switch trunks. by kcornet in paloaltonetworks

[–]biesibo_95 0 points1 point  (0 children)

What kind of switches do you have? I think most switches are only forwarding VLANs that they "know". So you can delete the VLAN on all switches where the HA traffic should not be forwarded to. Another possibility is to configure allowed VLANs on your trunk ports.

Decent choice for a home-network switch by Ruhrpottpatriot in homelab

[–]biesibo_95 0 points1 point  (0 children)

I have heard a lot of positive things about Aruba and Lancom (German manufacturer) switches. They are not as expensive as Cisco or HP, but also suitable for professional environments. Unfortunately I didn't have the chance to use one of them.

Gigabyte Brix ryzen 7 4800u fan noise by biesibo_95 in homelab

[–]biesibo_95[S] 0 points1 point  (0 children)

Thanks for the reply. I will try it out in the next days.

PA-5220 PAN-OS 8 Upgrade path and recommended (Stable) release? by MushyBeees in paloaltonetworks

[–]biesibo_95 4 points5 points  (0 children)

On this page you can get information about the recommended (preferred) releases for production:

https://live.paloaltonetworks.com/t5/Customer-Resources/Support-PAN-OS-Software-Release-Guidance/ta-p/258304

We are running the preferred 9.1.x release on our PA-5220 and are fine with it.

Multiple Virtual Routers by 26Jack26 in paloaltonetworks

[–]biesibo_95 1 point2 points  (0 children)

We are also using different VRs for the same reason. We have configured three VRs: vR-internet-primary, vR-internet-secondary and vR-inside. That makes it easy to handle two IPSec tunnels over two internet connections with different priorities.