Issue on updating cert on Palo Alto FW pair

I got an issue to update a cert on PA pair.

The issue is very similar to what it describes under

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldECAS

I import the new cert to both PA FW units and change config to use the new

PAN-OS 9.0 Static Route Commit Warning

Just a note here that I am getting a cosmetic warning during commit of a newly-upgraded PA-220 (my lab box) to PAN-OS 9.0.  

Prior to the upgrade, I had a static route in my virtual router, to redirect all traffic going to 192.168.1.0/24 to my tunnel

can't able to get response for show running security-policy command from the device via SSH

we are using Paloalto PA-5220 PAN-OS 8.0.7 virtual firewall. using a third tool we trying to fetch the policies using the command "show running security-policy".  when the command is entered it stays still and the policies are not shown. It happens s

NAT

HI,

when do we use the destination nat ,source nat and  identity nat 

I mean what is the use cases for the above 

Thanks

Interface issue - see traffic but no arp entry for gateway

We have an issue with an interface that is talking weirdly.  We have changed ports to rule out hardware, and I can work ok with a laptop in the same switchport.  The line comes from Verizon's media converter to a switch that is connected to the pair

Document on VM information sources for Windows User-ID Agent?

Anyone have a good document or link on the windows user-id agent for monitoring VM information sources?  Looks easy enough to setup on the windows agent, but how does it monitor/parse logs and what exactly does it do when making the connection/permis

App-ID - ms-rdp not allowed, traffic being blocked as cotp

Hi All,

Were running 7.1.14. 

Ive created a rule to allowed ms-rdp to the rule. Ive checked first if ms-rdp has any dependencies, there is none. It implicitly uses cotp and t.120.

So from what i understand from the meaning of Implicitly uses, i only n

Usage Difference between SSL Forward Proxy and Inbound Inspection Decryption mode

Hello

i have read the articles regarding the types of ssl decryption:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV8CAK

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/decryption/decryption-concepts/ssl-forwar

Template Stacks for HA (Active\Passive)

Looking to deploy template stacks to all of our managed firewalls from our Panorama 8.1.x. I am wondering how to deploy STACKs with values unique to each individual in a HA (active\passive) pair. Some settings would include:

Hostname,

HA configuration

Palo Alto 8.0.7 basic ospf configuration not working with aruba switches

Folks,

              We have 2 Palo Alto FW and 4 aruba switches in the same area (area 0), we are noticing that the aruba fw is loosing neighbor relationship with the routers every couple of seconds 30-60 seconds. The configuration is very simple, an

Adding filter "?v=panosurl" broken access to all websites

Custom URL category is configured to block phishing URLs collected from Linux MineMeld server through EDL. For some reason adding filter "?v=panosurl" (https://10.9.0.60/feeds/phishing-url?v=panosurl) to retrieve URLs in PAN-OS supported format (malw