Error deleting custom URL categories?

I created a custom URL category and then tried to delete it and got this on the validate, any ideas please?

Operation           Validate

Status   Failed

Details  member corp-blocking-exclusions is an invalid reference

Invalid block

Invalid url-filtering

Panorama and firewall upgrades schedule

Have a question related to the upgrades;

Can i schedule the Panorama software upgrade ?

Also , can i schedule the Managed firewall upgrades through Panorama ?

I see schedule option for App and threat updates but not for PanOS images

Error when renewing Certificate "Failed to read certificate"

Hello Bro,

              Recently, I was trying to renew a certificate but I received the error "Failed to read certificate".

I have tried it like 4 times receiving the same error.

Tried by renewing the CA first or by the child first, both cases I re

SYSTEM ALERT : high : Number of hints on disk has exceeded 5000 due to log forward failures

Hello I receive many alerts with subject SYSTEM ALERT : high : Number of hints on disk has exceeded 5000 due to log forward failures. I do not have panorama (never did). Is there a way for these alerts to stop.

Below is the alert i received from emai

Certificate not valid

I am trying to setup Machine authentication, where it actually validates the machine certificate, I have a PKI infrastructure, that pushes certificates to the machines, with there name in Common Name, and SAN, of the machine hostname. 

On they Certif

radius and PANF gui

Hello ,

I have integrated Radius with VM FW

the ssh to FW works . I have not created any local user on FW , All users are on radius server

but gui to FW does not work  with radius account ;

when i enter radius creds in gui , it accepts and co

Tests anti-malware signatures before releasing them to the public

I would imagine Palo Alto tests dynamic updates such as  Antivirus and Device-Dictonary signatures through a rigorous process before releasing them to the public.  Does anyone know where I can find that process?

LDAP

We plan to enable channel binding for LDAP on our domain controllers.  Since the firewalls use LDAP for querying AD information from the domain controllers, do we need to make any configurations to the firewalls to be compatible?

Captive portal auth with Client Certificate as first auth method and local auth as fallback

Hello team, 

To identify my users, I have used Captive Portal with ldap authentication profile.

Then I removed the ldap from the captive protal config and added a "Certificate profile", and it works well as well.

However, when I assign both an ldap pr

Rule has application any and port 3389 we see discard for application cotp

We have security policy to allow any application on port 3389.

I see users are able to connect to server on port 3389.

traffic log shows denied on application cotp.

my understanding is that if you have application as any it should cover all the applic

Accessing Mgmt Interface over IPSec

Hi Team,

Is it possible to connect to Mgmt interface over the IPSec tunnel from external interface?

Regards,

Sanjay S

Intrazone-default rule

Hello,

I would like some advice on Palo Alto's default intrazone-default rule.  Unless I have a drop any any above this rule I see IP's from all over the public internet hitting my Palo Alto and being accepted on the intrazone rule as the traffic is

PA restart with Internal packet path monitoring failure

We have a pair of 3220 in a cluster. Yesterday we upgraded to 10.2.9-h11 and today we faced a restart of the Active peer twice with this error:

Internal packet path monitoring failure, restarting dataplane

I could not find any bugs related to this