Disable weak cipher suite in SSH

I would like to disable weak cipher suite in SSH for over 100+ Firewalls with the following commands.  The firewalls are running in High-Availability (H/A) mode, version 9.1.10:

configure
set deviceconfig system ssh ciphers mgmt aes256-ctr
set deviceco

User mapping not happening properly

We have recently added a user in the server list.

We are able to see the user in LDAP but when it comes to firewall we are not able to see the user in security policy.

When i checked the user with following command

show user ip-user-mapping all | match

Generated traffic logs showing weird information

I have a VM-500 panos-8.1.18. I am seeing traffic logs with below flags

Session End Reason- policy-deny (means traffic denied as per policy)

Action -Allow ( how can action be allowed when traffic is denied via policy)

Type- deny

We also have ssl decrypt

How do I set bgp auth-profile secret in XML?

Can we use SFP+ with PA-820?

Hi, Guys. I plan to use the PA-820.
The PA-820 has only two HA ports.
I am planning to substitute the HA ports with SFP ports.
Can I use the PAN-SFP-PLUS-CU-5M with the PA-820?
The PAN-SFP-PLUS-CU-5M is cheaper than the PAN-SFP-CG, so I would like to use

Palo Alto IPV6 configuration for firewalls running in active-active HA

Hello All,

We have a customer planning to enable IPV6 firewalling in their current  data center firewalls. The firewalls are currently running in active-active HA mode. I have the below queries.

1. When I configure IPV6 address on the interfaces, is

antivirus not able to update

we have recently renew our license of thread prevention . As application and threats are update but the antivirus is not update from Palo alto server. We  downloads the AV from support portal and manually install in FW  and run this command still ant

Properly routing IPv6 across site-to-site IPSEC tunnel

Configuration:

I have two /56 IPv6 prefixes, one which is used in our Bay Area office, and one which is unused. I have taken a /64 from the unused /56 prefix and assigned it for use by our office in The Netherlands. They will use DHCP to assign the a

URL with port

Hi, 

Wondering if someone can help me out. I've done some searching and have not come up with with much

I have a user who needs to access a few webpages on a custom port. The link for example is something like: https://custom1.config.fake:2546/info bu

Adding URLs to an allow category caused some connections to be blocked

We added additional URLs to an existing custom url category and on our URL filtering profile, it is set to alert. These additional URLs are completely unrelated to the connection that started to fail. And as soon as we reverted those changes things b