Certificate failed to load

Hi all,

We have two PA-4060 in active/passive mode with PAN-OS 4.1.12 (I know, old..).

Yesterday, after rebooting passive device auto commit failed with:

Error: Certificate 'XYZ' failed to load: failed to parse key

and device went to not-ready state.

Afte

ISSUE WITH GLOBAL PROTECT

We have configured One VR-1 only

Ethernet 1/1 is a WAN interface

Ethernet 1/2 is a WAN interface

Ethernet 1/3 is a WAN interface

Ethernet 1/4 is a LAN interface

We’ve created

ETH1-ZONE for Ethernet 1/1

ETH2-ZONE for Ethernet 1/2

ETH3-ZONE for Ethernet 1/3

ET

Would Traps be able to detect and kill this file on the host without requiring any manual remediation?

A customer is seeing infected word files with macro in their network. The firewall is not able to block this file because the macro keeps changing file hash, even with WildFire enabled.

Would Traps be able to detect and kill this file on the host with

En modo mantenimiento no me deja hacerle un factory reset, me aparece typeerror: unpack-sequence

Traceback (most recent call last):vigate,  ENTER=Select,  ESC=Back

  File "/usr/local/bin/mrt", line 192, in ?

    main(sys.argv[1:])

  File "/usr/local/bin/mrt", line 187, in main

    m.main()

  File "/usr/lib/python2.4/site-packages/mrt/ui.py", line 433

Can PA be possible for content inspection after ssh decryption?

Hello,

Can PA be possible for content inspection after ssh decryption?

I looked the below document.

Details on Port Forwarding Inside SSH

This document mentioned the following comment.

"Content and threat inspection is not done on the SSH tunnel session"

I

What happens if Dynamic Block List server is inaccessible?

If we are retrieving a list of IP's via Dynamic Block List to Allow and/or Deny traffic, what would happen if the web server hosting the .txt file is inaccessible during a refresh? Would the DBL object lose all of the IP addresses and render the rule

Issues with geolocation IP addresses

Hello,

We have policies (geolocation) which only allow connection from Spain and Andorra.

In many cases the IP addresses identified by geolocation, is not properly updated and sometimes Palo Alto identifies an IP like another country rather than as Spa

Active/Active HA on 7050

I'm getting ready to implement an Active/Active setup on a 7050. What is the best practice for bandwidth over the HA links? I'm more curious about the HA2 and HA3 links.

Preempt Loop Detected

Hi All,

I've implemented Active-Passive firewall with preempt options enabled as below :

I use Path monitoring to IP B to detect failure. When I shutdown the bridge (device between A and B), the Active device switch to X and A status became non-functio

About Microsoft Vulnerability

Hello all,

My customers PA-3020 detected  a few  Microsoft Vulnerability Threat coming from Inside ( Web server ) to Outside  ( Internet ) .

We investigated the cause of this , but could not replicate the issue and finding the cause of it.

We scanned

DNS attack? False positive: urussynonumsantonums.com

Hello,

I am new to this realm so please note if I ask alot of questions, you all have the answers.  I have a PA device that has been spitting out multiple, multiple, and multiple Threat notices for the above domain: urussynonumsantonums.com.

I have se