Category Archive: Palo Alto

Apr 06

Palo Alto (PanOS) CLI Reference


Jul 30

Palo Alto Firewall – Split-brain issue


High Availability (HA) configuration is recommended to ensure availability of the network, and most companies and organizations use device pairs to achieve this goal. In some instances HA may cause unexpected issues even when the configuration and physical cabling are correct. One of the most common issues is called split-brain. Palo Alto Networks uses a private heartbeat …


Jul 29

Palo Alto Firewall SSL Decryption (Proxy) – Supported Cipher Suites


Palo Alto Networks devices decrypt and support the five cipher suites shown below:

RSA-AES256-CBC-SHA Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
RSA-AES128-CBC-SHA Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
RSA-3DES-EDE-CBC-SHA Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
RSA-RC4-128-MD5 Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
RSA-RC4-128-SHA Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)

Note: TLS 1.2 support has been added starting with PAN-OS 6.0, with the addition of the following …


Jul 27

Palo Alto Firewall PAN-OS – Packet processing logic


Palo Alto firewalls belong to the NG (Next Generation) firewall family. This means the firewall not only performs simple Layer 3/4 filtering but also advanced functions like Layer 7 inspection, SSL Proxy, IDS/IPS etc. To better understand how the firewall works, it’s important to know how it handles traversing traffic. Packet processing logic is presented …
