General Topics

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

LIVEcommunity is thrilled to introduce its new Support FAQ section, designed to help Palo Alto Networks customers quickly resolve their common queries.

You'll find this new area under the Articles section of the main menu:

Our goal is simple:

...

Fetch Device Certificate failure

Hello,

I am getting this error (Failed to fetch device certificate.TPM public key match failed.) on a PA460 (11.0.2-h2).

I tried multiple solutions without success :

This KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000

...

Resolved! Where does it show which Agent Config applied to a specific users' Global Protect session

We have multiple agent configs for Global Protect and apply them using OS type and group membership.

I want to see which agent config was applied to a specific users session. Where do I see this?

I have checked system logs, and it shows the auth

...

Can Panorama Virtual Appliance be Vmotioned?

Does Panorama support vmotion? I know the virtual firewall does not but the documentation makes no mention of Panorama.

Resolved! tcp/dynamic port range

I'm looking for a definitive answer on what port range "tcp/dynamic" and "udp/dynamic" uses. I would figure that it is 49152-65535, but I have not been able to locate anything in documentation or the community to confirm this.

Exclude www.google.* from decryption

Hello,

are you able to exculde https://www.google.com ; https://www.google.de and other domains from SSL decryption?

Or clients complain about the slow loading of the website when they open Google or try to search something.

Currently i add in a white c

...

High availability Links on different locations

Hi,

we have 2 PA1410 on two different buildings. They act in an active-passive cluster.

On each location is a switch, and the Firewall ist connected with all of its port (ha1a, ha1b, ha2, MGM, Data) to the switch.

The switches are connected though a

...

Beaon PCNSE study guide - practise questions

Hi Guys

did one of the prep exams and had a couple of questions marked wrong.. but not sure they were.. any ideas?

Q1

GlobalProtect clientless VPN provides secure remote access to web applications that use which three technologies? (Choose three.)

...

Resolved! Query Regarding Differences Between Cortex XDR 7.9 CE and 8.3 CE Versions

Hi Community,

I have a query: What is the difference between the 7.9 CE version and the 8.3 CE version? Please share the features of the 8.3 CE version and also those of the 7.9 CE version.

Cortex XDR service causing maxed out CPU and memory spikes on DCs

We are getting constant alerts from our monitoring system that out DCs are constantly having maxed out CPU and memory spikes. On every alert cyserver.exe is the top resource user.

Cortex XDR Service

8.4.0.51691

Domain Controlers are all Windows Ser

...

ECCN for PrismaCloud

Hello,

I am looking for the ECCN for PrismaCloud. Can you help me?

Resolved! Install the Cortex XDR Agent Using Msiexec

Hi Team,

we need to install the agent using Msiexec, kindly provide the steps, and also, we have followed the below-mentioned command, but we didn't get the expected result.

msiexec /i c:\Windows_agent_8_4_x64.msi /l*v C:\temp\cortexxdrinstall.l

...

wildfire upload failed and log shown in the wildfire submission log repeatedly.

Software Version 10.2.9-h1

wildfire log flood. it cause the wildfire malfunction.

2024-06-04 11:47:50 +0800: daqiandy-release_v1.6.1_0331_18_49_India_GuanWang_pro.apk script upload failed PUB 28404 686 337 0x801c allow
2024-06-04 11:47:50 +0800: d

...

Resolved! How could i drop"unknown RADIUS authentication protocol"?

Hi!

Recently we were receiving in our environment alerts of failed authentications from different random IP's and random usernames, i was able to reduce them following the next article: Detecting Brute Force Attack on GlobalProtect Portal Page - Know

...

PA-410 Firewall not fetching dynamic and software updates

We have a customer who is not able to fetch software version and dynamic updates

In CLI, we checked reachability to updates.paloaltonetworks.com, and we are able to reach and also updates.paloaltonetworks.com address is getting resolved

we then res

...

Resolved! Zoom phone custom signature thru: ssl-req-chello-sni

Hi everyone!

We are currently moving our phone system to zoom, and we had an issue with the zoom application, some of their traffic its categorized as an incomplete causing that some calls hang out, or don't ring, I made an custom application, usin

...

Discussions

Introducing the LIVEcommunity Support FAQ: Your Valuable Customer Resource

Fetch Device Certificate failure

Resolved! Where does it show which Agent Config applied to a specific users' Global Protect session

Can Panorama Virtual Appliance be Vmotioned?

Resolved! tcp/dynamic port range

Exclude www.google.* from decryption

High availability Links on different locations

Beaon PCNSE study guide - practise questions

Resolved! Query Regarding Differences Between Cortex XDR 7.9 CE and 8.3 CE Versions

Cortex XDR service causing maxed out CPU and memory spikes on DCs

ECCN for PrismaCloud

Resolved! Install the Cortex XDR Agent Using Msiexec

wildfire upload failed and log shown in the wildfire submission log repeatedly.

Resolved! How could i drop"unknown RADIUS authentication protocol"?

PA-410 Firewall not fetching dynamic and software updates

Resolved! Zoom phone custom signature thru: ssl-req-chello-sni

On premise RSA MFA setup.

No ping reply via Palo to Palo S2S

PA not be able to access internet

SSO Palo Alto Support Portal

IPv6 on public interface

SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: SYSTEM ALERT : medium : MLAV: Unknown error

Re: ACC shows ipv6 addresses in source/destination IP

Re: Howto delete sub-interace from cli

Unlock your full community experience!

Resolved! Where does it show which Agent Config applied to a specific users' Global Protect session

Resolved! tcp/dynamic port range

Resolved! Query Regarding Differences Between Cortex XDR 7.9 CE and 8.3 CE Versions

Resolved! Install the Cortex XDR Agent Using Msiexec

Resolved! How could i drop"unknown RADIUS authentication protocol"?

Resolved! Zoom phone custom signature thru: ssl-req-chello-sni