Decrypt-error with Inbound Decryption DHE or ECDHE on 8.1.3

Greetings all,

I feel like I'm probably missing something simple here, but I'm running into a decrypt-error issue on 8.1.3 in regards to a server that is negotiating DHE or ECDHE ciphers with the client.  On Chrome I get:

ERR_SSL_VERSION_OR_CIPHER_MI

LED's on startup

Recently migrate to a pair of 3200 series firewalls. Everything was fine and dandy until we powered them down to migrate to the correct rack. Once we powered them up, one came up fine, but the other has a green power light and nothing else. the fans

Error when I try to add the SAML Identiti Provider for Okta

Upload SAML IdP Failed. No IDPSSODescriptor node found. Any ideas?  Here's the file I'm trying to import

<md:EntityDescriptor entityID="http://www.okta.com/exk.....">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn

Firewall is sending traffic when becoming passive for a few minutes

Hello friends,

I am experimenting a strange behaviour.

When performing a manual failover with the command: request high-avaliability state suspend, the firewall that become passive continues sending traffic to the BGP peers for about 3 minutes (ICMP

firewall configuration

Captive Portal with custom images

Hello everyone,

I'm trying to implement the custom Captive Portal Response Page with custom images in it. 

Is there a way to upload my own images to the Palo Alto to use them in the Captive Portal? I did found the info about using the custom images fro

Integration of Palo alto to panaroma

Hello All,

I have two palo alto in high availiabilty running as Active-Passive mode. Basically i have to add these firewalls now in Panaroma which i will configure in High avalibility. 

Need to know what are the precautions i have to do to add these f

PA and VPC

Hi,

Hi, 

Please advise on the above design . Is there any pros and cons ?

Thanks

Routes between VPN tunnels

Currently on the Palo Alto firewall, there are 4 IPSEC VPN Tunnels.

The issue is the following, a sub network of a Tunnel, tunnel that we will call TUNEL-A01, must be able to reach a destination that its destination is in another tunnel, we will call

Support for newer OS for Minemeld

Hey,

we just started our journey with paloaltonetworks and installed the first 2 clusters. To automate our IP Adress lists, we wanted to install minemeld, but the only supported OS seems to be Ubuntu 16.04. which is out of support sind 30.04.2021,

Gp VPN user do we get customize report like from 10 may to till date GP vpn user data on date wise please confirm

Gp VPN user do we get customize report like from 10 may to till date GP vpn user data on date wise please confirm

how to block apps mobile legends in security policy

I want to block that mobile app on my iPhone 12 pro max.

GP: Internal Host Detection Two Questions

In the PAN video I located on Internal Host Detection (see below), it shows where to enable this feature. But it doesn't mention what is expected of the IP Address and Host Name. Should one use the internal IP/name of the PAN? Or something else? 

And