What is "cdt_token" process?

Hi there,

Quick question. I'm currently troubleshooting a PA 3020 in version 8.0.12 for one of my customer. Its PA has huge DP CPU usage (arround 80%). I try to figure out the reason of this usage.

I've isolated the "ctd_token" process which is a big

DNS license and PAN OS 9.0

During Ignite we were told that DNS is coming as license service in PAN OS9.0.

Need to know is this service different from dns sinkhole?

IF it is how it is ?

Traffic dropped due to old discarded session

We have traffic rule to allow the traffic but seems traffic is dropped by the PA when i did pcap.

then from cli i did show session all filter source  there i see old session from april in discarded state.

i ran the command few times and this session w

Panorama pulling in vmware objects

I'm just wondering if there is a way for panorama to talk to vmware to pull in the virtual systems and tags for quicker deployments much like it can do with AWS. I have been looking around but I haven't seen anything specific and help would be great.

deny telnet command but permit JDBC protocol

We have an internal discussion about whether it is possible to block the 3 way hanshake TCP but allow the JDBC application protocol.
In other words we would like to block the test of the port with the command "telent address port" but we would like th

SSL Certificates from enterprise CA

I will admit, certificates are one of my bigest hates.. I just can't get on with them

Firstly we have a microsoft EnterPrise CA. Which I am not overly familiar with anyway ( But I have managed to get the web interface workig on it...)

Idealy what I w

RMA'd Panorama m-100, how to migrate?

We had to RMA our m-100 Panorama and now I want to replace the failing one with the new one but for the life of me can't seem to figure out the steps to do that.  The link from this page: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id

Refresh EDL from webserver

Hello community,

We are using EDL for manually blacklist and whitelist some domains. We configured all our firewalls to refresh the EDLs every 5 minutes, but EDLs don't refresh until a couple hours. The solution that we found is use the "import now"

Push custom signature using API

Hello colleagues, how I can upload to firewall custom signature using api or cli interface?

Palo Alto Vulnerability Points (Urgent Action Required)

Hi Team,

Can anyone provide your valuable suggestion here please.

Below are the VAPT points shared by customer and solution provided :

PA Vulnerability points (For reference please find attached pdf) :
1) ssl/tls protocol initialization vector implemen