BGP enabled BFG Profile, 1 of the peer will marked down by bfd control detection time expired for BFD session.

2 BGP peer .

1 bfd profile can be used for BGP .

1 of the peer will trigger a Critical/high system log.

The log is 

BFD state changed down for BFD session 6 to x.x.x.x on interface x.x Protocol :BGP

BFD control detection time expired for BFD sessio

Fuel Workshop - Watch Now: Managing Your Palo Alto Networks Assets and User Accounts

In case you missed it, check out this new Fuel Workshop series!

The series will cover the following topics:

• Customer Support Portal Overview
• License Management
• RMA Best Practices

Why are you still here ? Dive into the three-part Fuel Workshop vi

Knowledge sharing: Palo Alto General Logs and Log files that are in the managment, data and control planes overview/review

1. Most of the palo alto well known deamons have their own logs that can be reviewed:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLUeCAO

2. It is interesting that in the higher end Palo Alto platforms like PA-5000

Is there a way to test remote host ports from the palo alto firewall?

Hello Palo Alto Team,

I new to Palo Alto and loving it but I am looking for PAN-OS cli commands similar to telnet, nc (netcat) or curl etc.. I have seen there is an option to do ssh source port (the scp command also supports this), can this replace

Recently just installed expedition in the VMware, however couldn't login to the Expedition via google chrome

Recently just installed expedition in the VMware, however couldn't login to the Expedition via google chrome.

Don't know where to load the google chrome?

Post Expiration Admin Login Count

Hello expert,

I wanted to check if someone encountered same issue as mine.

We did configure password profiles in our PA-820 (version 10.2.9) by enabling "Post Expiration Admin Login Count" to 3 times.

Somehow, after password was expired it just str

Chrome (HSTS) NET::ERR_CERT_AUTHORITY_INVALID - with 10.1.14h4 update

We updated PANOS (on Friday before h6 was released on Sat) to 10.1.14-h4, rebooted and now our users are sporadically complaining about when using google Chrome (Edge not effected), getting a "Your connection is not private" NET::ERR_CERT_AUTHORITY_I

Настройка mikrotik на Palo Alto

Здравствуйте всем можете помочь у меня интернет настроен на mikro tik с внешней и внутренней интернетом и подключена на d link. Я хочу подключить интернет на mikro tik и Palo Alto и патом d link . Я настроил Palo Alto как мост (bridge) но все ровно н

Cortex XDR Prevent, URLs

Good afternoon, it is possible from Cortex XDR Prevent to block access to specific internet URLs. Or failing that by category?

General TLS protocol Error

We have forward proxy (ssl decryption configured)

We are having intermittent access to some webpages users have to reload the page to gain access.
We are seeing General TLS Error on the decryption logs under Error.

What Iv found out about the error

AWS GWLB VPC Endpoint Associations no longer work post-upgrade

New periodic alert: Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform.

Dear all,

since a couple of days I'm getting alerts like:

Configuration size 19MB is above 80% of the maximum recommended configuration size 23MB for the platform. Please consider removing unused configuration

I removed all old auto saved configs

Enable global setting preserve-prenat-feature for prenat user-id

Hi. I have GP and userid configured at Pan OS 11.1. I'm getting the message.

• Warnings:
• . vsys1
• . Warning: please enable global setting preserve-prenat-feature for prenat user-id to be effective.

I can not find anywhere in menu the mentioned global se

Facing multiple issues post upgrade to 11.1.4-H4

I observed multiple issues pos upgadation to 11.1.4-H4

1. Panorama not showing all logs under Monitor TAB - In release notes this issue mentioned as fixed in 11.1.4-H7, But still not fixed

2. GP auth's are failing when enforced Certificate+SAML Aut

internet issue

i have PA 440 trying to access the internet and i have set virtual router with default route to dataplane interface however when i try to ping anything on the internet the reply comes from the mgmt interface.

(attachment)