Next-Generation Firewall Discussions

logging for external dynamic lists?

Is there any logging for EDLs? I am looking for things like:

• a change in the EDL was detected
• errors in the EDL (invalid IPs or URLs)
• EDL is too large / too many entries

It would be great if I could alert on any of these.

Is there a way to configure Pan-OS to integrate with an ACME server for certificate enrollment?

Hello,

I am working with an IPsec VPN setup on my Palo Alto Networks firewall and am currently using certificate-based authentication. My organization utilizes an internal Certificate Authority (CA) that supports ACME (Automatic Certificate Managemen

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

GlobalProtect Machine based Certificate Access

Hi

Long time listener, first time caller.  Since we have so many brute force attacks with GlobalProtect lately, I wanted to do machine based GlobalProtect Certificate access.  Meaning we use a third party Certificate server within our environment t

Discard a candidate configuration

How to discard a candidate configuration, I changed the order of rules by mistake and I see a commit.

How do I discard it?

Allow download no upload

Can some one help me on below requirement.

Need to allow users to download only of files from online-storage and backup Category and we should restrict upload.

thanks

Facing issues in login to the portal

client gp_broker phase 1 failure commit failed

Hello,

If someone experiences an auto-commit failure after an upgrade with the error message "client gp_broker phase 1 failure commit failed," here i provide a workaround solution :

show jobs all
Enqueued Dequeued ID PositionInQ Type Status Result Compl

Finding FQDNs for blocked IP's or SSL-Inspection

Once a week, someone reports having issues accessing a site.  Today that issue involves a credit card processing page that is aging-out because there is no SSL inspection exception.  FW Logs of course show an IP address (no URL/FQDN), and the rule to

Dual ISP setup on 1 virtual router kb issue

Hello.

so I need to setup a dual ISP setup and found below kb.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAO

I know there is also one using different virtual routers but for this specific setup it seems this one is

PA-445 on PAN-OS 11.1.2-h3

First time posting so please bare with me.

Currently running into an issue that looks like a potential bug or an issues specifically with the PA-445 model (Support Case has been submitted and is in the works; but we'll see what happens) Two differe

EDL is accessible but IP addresses are not populting in firewall

Hi All, I am currently facing an issue where the EDL is not populating with IP addresses, however, from the same EDL server URL list is populating fine. The EDL is already applied to a policy, and for testing i have added only one IP address in it. A

Root Partition Full

Hi All,

I am trying to clear root partition on our passive FW.

It was suggested in one of the articles(https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaJCAS)that we can try to delete Core Files.

But Im kind of hesita