Active CVE's on 10.1.6 -h6

Can anybody help me with the details of Active CVE's on 10.1.6-h6 version.

schedule for rule policy not on time

Hello

I set up a schedule for exist rule policy to be enable from 9:00 to 20:00. But I see there is traffic logs at 23.49, it does not terminate session at 20:00.

How to configure it to be enable only until 20:00 ?

Thank you

Post fixing the firewall from maintenance mode , facing issue in log forwarding

All, 

Recently our production PA-440 model firewall went into maintenance mode, and post rebooting it came back and all started working fine without any issue.

After few minutes of firewall came up, it stopped generating and forwarding (traffic, Threat

HA syn configuration

I have 2 PA-440 configure by HA,now one of FW hardware down,And I get a new FW from RMA.now I connect this new FW.

When I press "Sync to peer device", it prompts me that synchronization failed. I understand because I have not imported the license to

Antivirus Update on PA820 take up to 30 minutes to install since upgrade to 10.2.3

We've upgrade a cluster of PA820 to 10.2.3 and since that upgrade, Antivirus Update take up to 30 mintues to get installed.

Am i the only one facing this very poor performance?

Regards

BGP

My paloalto can't announce the routes learned via the bgp protocol. I need support assistance to check the configuration 

User ID firewall integration with mapping server or AD

Have to enable User-ID for corporates users. Not able to locate documentation around best practices for user id. for  example in my scenario.

we have one domain xyz.com with 50 domain controllers to monitor. we have winRM installed on all the domai

Error Index Protocol Error tlsv1 bad certificate status response. Received fatal alert BadCertificateStatusResponse from client

Hi folks, I'm using an SSL forward proxy policy and am getting this error:

GlobalProtect MFA with LDAP at Phase 1 and Okta Verify at Phase 2

Hello everyone,

I want to implement GlobalProtect with Multi-factor Authentication, with LDAP at Phase 1 and Okta Verify at Phase 2. Is it possible?

I have configured based on Palo Alto Document "Configure MFA between Okta and the Firewall" and m

DHCP Fail

Hello Community,

I have a FW with eth0 configured as DHCP client and it gets IP, no problem. But then I see lots of DHCP Fail system messages between lease renewals:

Are these normal?

Thanks!

PA-220 (A/P) Packet Buffer on DP filling up over time on passive Firewall

Hi There

We have two PA-220-ZTP Firewalls with PanOS: 10.2.3 and in Active-Passive configuration

On the passive firewall we see Packet Buffers on Data Plane filling up over time. The active firewall doesn't have this issue. I've just rebooted the p