Ikev2 site to site VPN between Arista ETM and Palo Alto

Hello Mams and Sirs,

I need your advice here.

I have configured an ikev2 policy based site to site VPN between our Palo Alto and client Arista ETM. I manage the Palo Alto.

The status of the VPN shows up. But, communication between the subnets(l

Scanning for Misconfigured Endpoints in Cortex XDR

Hello good day,

I wanted to inquire if there is any built-in functionality or available option within Cortex XDR that allows for scanning and identifying misconfigured endpoints. Additionally, is there a specific query or set of queries that can be

Unable to download updates

When I download the Palo Alto upgrade software（11.1.4-h1），the following error message is displayed:

"Failed to download due to Empty file returned by update server."

I have click “check now” and Synchronize to the peer

HOW TO REGISTER MY DEVICE FOR SUPPORT

Hi

ihave connected my paloalto-PA-410 decice.

I am looking to see how to register this.

i cannot find the sales ordernumber or customer ID as this was sent through theGreater Glasgow Health Board?

Thanks

Dr Sobia Bhatt

Retrieving Content 'Antivirus' info failed with error 'An error occurred while processing request. Please try again after some time or contact support

All our 10 devices throws there errors (medium severity) since Thursday.

TAC has no response for this.

Anyone?

Disable TLS 1.0 and 1.1 and also weak cipher

How to disable TLS version 1.0 and 1.1, also to disable weak cipher for WildFire

Configure Authentication with Custom Certificates on the WildFire Appliance

I went through this KB it shows how to disable the 1.0 and 1.1 but how to disable weak ci

In Wildfire how do we disable weak TLS ciphers?

Nessus scanning is picking up TCP/443 TLS v1.0 and v1.1 on our WildFire (WF-500) appliances.

Is there a way to turn off TLS v1.0 and v1.1 on the WildFire ?

Below is the Nessus scanner notification.

-------------------------------------------------

CVE-2025-0108

Hello.
I was just looking at this severity 7.8 high CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface and it says PAN-OS < 11.1.6-h1 is affected. This doc Support PAN-OS Software Release Guidance | Palo Alto Networks says 11.

preferred PAN-OS software versions table

HI, dear PaloAlto team,

Why has the preferred PAN-OS software version table been changed? The previous view was much better, because it allowed to select the preferred software version and schedule changes....
Now there is only one preferred version

Google-base app, what its cpable of in escense of google apps.

Hi Team,

            Recently, I had to allow an internally developed android and IOS for users that are allowed and not allowed to access internet.

this app "externally hosted internally developed" role is consisting of destination IPs and web-brows

Dynamic ports to Static

Hi Team,

I'm trying to configure the Dynamic ports (49152-655355) to static 37001 . We have destined server which is sending dynamic ports to establish the link and data exchange.

what is best option to have this hardening.?