Category Archive: Palo Alto
Jul 30
Palo Alto Firewall – Split-brain issue
High Availability (HA) configuration is recommended to ensure availability of the network, and most companies and organizations use device pairs to achieve this goal. In some instances HA may cause unexpected issues even when the configuration and physical cabling are correct. One of the most common issues is called Split-brain. Palo Alto Networks uses a private heartbeat …
Jul 29
Palo Alto Firewall SSL Decryption (Proxy) – Supported Cipher Suites
Palo Alto Networks devices decrypt and support the five cipher suites shown below:
RSA-AES256-CBC-SHA Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
RSA-AES128-CBC-SHA Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
RSA-3DES-EDE-CBC-SHA Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
RSA-RC4-128-MD5 Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
RSA-RC4-128-SHA Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Note: TLS 1.2 support has been added starting with PAN-OS 6.0, with the addition of the following …
Jul 27
Palo Alto Firewall PAN-OS – Packet processing logic
Palo Alto firewalls belong to the NG (Next Generation) firewall family. This means the firewall performs not only simple Layer 3/4 filtering but also advanced functions like Layer 7 inspection, SSL Proxy, IDS/IPS, etc. To better understand the way the firewall works, it's important to know how it handles traversing traffic. Packet processing logic is presented …