Failed to renew device certificate

Hi

the device certificate is going to expire end of march.

My PA trys to renew it and comes up with the following error:

Failed to renew device certificate.Failed to send request to CSP server.Error: No OCSP response received(dest => 35.238.43.180)

I h

Network segmentation via nexus using VRFs and virtual router Palo alto with BGP peering

Requirement: have to make firewall config based on network configuration done on Nexus. My challenge is Communication is not posoble with network guys coz they are Chinese, customer speak different language as well. 

OBJECTIVE: we want DC firewalls t

Gp version 5.2.10 upgradation issue

In global protect portal  App>> Transparently setting we have done. but after this setting Global protect client version not updated automatically now 15 days passed .is there any issue in 5.2.10 version of Global Protect.   

Skype Stun Not Allowed due to incorrect UDP Port in APP-ID

Hi,

One of my customers is having an issue where by Skype is not being allowed through despite the Stun and RTP applications being allowed through:

Previously we'd used the 'skype' and 'skype-probe' but this was not matching with the traffic.

Lookin

flow_fpga_ingress_exception_err and high latency

Recently deployed several PA-5250s Running 10.1.3 and there is a issue that randomly comes and goes.

Latency for traffic going through the firewalls spikes to 100-500ms. I was able to capture one thing that looked peculiar and that was flow_fpga_ingre

category malware with action allowed

Hi,

we use Splunk.

We tried following searchstring: http_category=malware | timechart count BY vendor_action

We find out that we get back action allowed with category malware.

Is there a failure in the search? The action in our URL security profi

CURL ERROR: Could not resolve host: serverlist.urlcloud.paloaltonetworks.com

Hello all , Thanks to check my problem as below 

Palo Alto Firewall cannot resolve DNS Server IP Address

CURL ERROR: Could not resolve host: serverlist.urlcloud.paloaltonetworks.com

Failed to resolve host wildfire.paloaltonetworks.com

please i will waiti

VM series log not detected in Azure Sentinel

Here’s the problem statement:

1] If Syslog UDP 514 is configured in PAN FW on-prem and vm-series, There were missing logs in AZ Sentinel, Incomplete logs is experienced and there were packets fragmentation.

2] MS Sentinel support recommended to change

Even block of Geolocation inbound and outbound Google & other showing South Korea

We are facing issue with location even we block for example south Korea but all infrastructure VM GP showing location South Korea.

Any thing that i am missing ?

Clientless VPN question

Hi All,

I have a query for Clientless VPN. I have a working solution which is suitable for a normal user. Unfortunately I seem to have abnormal users (don't we all really) who are complaining that there are too many log ons. They have to log on to Cl

Using minemeld to whitelist Oracle Cloud IP ranges?

I currently use minemeld to whitelist the list of O365 IP ranges etc, but I have not been able to find a miner for the Oracle Cloud.

Oracle publishes a JSON file with the relevant IPs (https://docs.oracle.com/en-us/iaas/tools/public_ip_ranges.json)

user-id-agent unexpected here

Hello, 

i just update pan os from 9.1.6 to 10. 

And on one of the firewall i get error:

..........
Validation Error:
user-id-agent unexpected here
vsys is invalid
[edit]

Could you please advice were can be the problem.

Thank you!