When will PAN-OS start supporting modern SSH ciphers?

I'm running PAN-OS 11.1 and an Ubuntu 24.04.1 server which runs OpenSSH 9.6p1.

I had to tune my sshd_config to support really ancient stuff like aesXXX-ctr and hmac-sha1 just to allow for SSH decrytion...

Please Palo Alto update the supported ciphe

A very weird Behavior on SIP traffic traffic reversing back to the same egress interface

Hello everyone , im seeing a very strange behaviour in my pa-445 version 11.1.4-h7 firewall , where i have an interface on the firewall which is a gateway to my voip devices , the same firewall connects to the voice server through an ipsec tunnel int

How can I extract the IKEv2 encryption keys SK_ei and SK_er on PAN-OS 11.2?

How can I extract the IKEv2 encryption keys SK_ei and SK_er on PAN-OS 11.2 (for the purpose of decoding a packet capture file in Wireshark)?

The following article describes the procedure:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?

GlobalProtect Portal require :443

Hi All,

I have an issue where we need to input <firewall IP Address>:443 in order to connect. But some of my users does not require the :443 to connect to the VPN.

Screenshot as shown below,

Any way that i dont even require :443 to be connecte

How to create ACLs for access to AWS workspaces (EDLs don't cover all IPs)

I need to create ACLs for outbound access to AWS workspaces using the destination IPs / subnets / FQDNs shown on AWS publication https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html#ip-address-regions.  

PAN pu

Websites stopped working after update

Hello,

We have updated 10.2.6-h3 to 10.2.8-h3 earlier and recently to 10.2.10-h9 but in both times we had to do rollback to 10.2.6-h3 because our websites stopped working.

Everything else seemed to work except inbound traffic to these applications.

Inbound TLS/SMTP inspection (to FortiMail)

Hi,

I'm wondering if anyone happens to be doing successful inbound inspection of SMTP/TLS to a FortiMail appliance? Or any other mail server for that matter.  I've run in to a brick wall when it comes to renegotiation. The Palo is serving the correct

Mulit-Vsys setup with Wildfire

Hi Friends,

We are planning for a multi-vsys PA setup, where one vsys will have only L3/L4 policies and second vsys will be in L2 bridge mode with Threat prevention features only.

Vsys1 will only scan L3/L3 policies while vsys2 will scan traffic fo

PaloAlto Passive Firewall Monitoring in HA Setup

Hi everyone,
Greetings!

I’m currently using OpManager to monitor a Palo Alto firewall in an HA Active/Passive setup, and the Link State of the interfaces on the passive device is set to auto.
While OpManager is able to correctly pull interface details

PA-VM sysd_construct_sync_importer

We got a customer that runs into this issue recently, it's a known issue (not public) for versions 11.0.0, 10.2.3, 10.2.2-h1 (and also to us 10.2.3-h2, 10.2.2-2).

When you run into this, means that there's a hardware issue, please go to TAC in order