Strata Cloud manager gateway traffic on cloudfront.net failing

No blocks observed but US gateways are dropping the traffic going to ohio.gov were as the UK gateway it works. The logs do not show any blocks. Any ideas how to troubleshoot would be helpful. Opened a TAC case however its dragging out for 3 days now

Is there a way to export all the certificates present via the API?

Is it possible to export all Certificates at once from a Palo Alto Firewall via API? Without having to pass the names of the certificates from the API call, because in the documentation I've only seen it possible that way.

PVLAN

Hello. I've been trying to use PVLAN with palo alto. I have two isolated host which are on the same subnet and wanted them to communicate through palo alto. I was able to manage with a switch using local proxy arp but from what I've searched palo alt

Is there an off the shelf power supply for the PA-450R?

My PA-450R did not come with a power supply and has the phoenix connectors for connecting power to it. Is the an off the shelf power supply that is recommended for this unit or will I need to supply my own power?

Unique Threat ID: 85253 increase in false positives since last update

Hi there,

Has anyone noticed an increase in false positives with Unique Threat ID 85253 since the update 8971 (2025-04-28 UTC)?

We are experiencing a rise in false positives but haven't opened a ticket yet.

Thanks,

Daniel

Custom Logs / Path Monitor Alert

Hello!

I may be trying to do something impossible, but it seems like the configuration elements are all there.  We have a static default route to our ISP that is set with path monitoring so that we failover to a backup route when the gateway is unr

resources-unavailable for DNS-base traffic

Model: Palo Alto PA-3420
Software version: 11.2.4-h1

Most of our dns-base traffic has the "session end reason" resources-unavailable suddenly. We're also having trouble loading webpages. The resources-unavailable reason is only on DNS-base traffic a

ECMP breaks secure email access.

Hi all, 

while using ECMP for the last 2 years without any issues using 3 ISP's with different weight and enabling Symmetric Return and Strict Source Path, I found that some sites with authentication access and Proofpoint secure emails access are bei

The PA-220 is unable to boot into the system.

As stated in the subject, I encountered an error during boot-up. The details are as follows:

SPI ID: ef:40:18:00:00
header found at offset 0x1d80
Image 1.2: address: 0xffffffff81000000, header length: 192, data length: 8160
Validating data...
Starting nex

Custom URL Issue

Hi all,

I had an issue where a client created a Custom URL category with multiple of URLs and added it in a Security Rule, all of the URLs specified in that custom category is matching except one URL with wild card such as *.sometechnologies.com.

I'm

Can not ping Management interface

Hi everyone,

Thanks.

Creating tunnel monitoring profile between PA-3220 to Meraki SDWAN Cisco

GlobalProtect 6.3.3

Our vulnerability scanner for the last couple weeks has been reporting vulnerabilities for GlobalProtect that are remediated with an upgrade to 6.3.3, but other than the vulnerability acknowledgement from PA mentioning it I do not see any evidence of

Other Administrators are holding device wide commit locks

Hi Guys,

i have actually the problem that i cant do any commit, there are two pending commits and if i try to commit the following message appearing:

"Error Other Administrators are holding device wide commit locks". 

Even when im logged in as the ad