Palo Alto Login issue though GUI " ERR_SSL_KEY_USAGE_INCOMPATIBLE " (Solved)

For the last few days, we have been experiencing an issue with logging in to the Palo Alto Firewall through the GUI. We are getting the below error from the browser during login.

Issues in PAN-OS 10.1.13

Dear All,

Did anyone installed the version 10.1.13, Can you please share your feedbacks regarding this version.

Device Telemetry is Showing Invalid Regions

Hi Friends,

Recently one of our customer has faced some issue in their firewall internally due to which they had to perform a factory reset.

After getting back the device up and fine we found a issue where commit is getting failed with Invalid Tele

Palo Alto - previous software disappeared after uploading 11.1.0-h3 version

Hello,

I wanted to update out Palo Alto 440 to a newer version and manually uploaded the 11.1.0-h3, however afterwards I can't see the previously uploaded softwares. When I checked in cli, they show up but with size 0 and I can't reupload any of them

Should I override the intrazone-default to deny?

TL;DR: yes, almost always.

We've had plenty of discussions on the behaviour of this default rule, and published Security Policy Rule Best Practices (paloaltonetworks.com) which provide guidance for logging. We've even discussed the results of these

Firewall PA-850

Hello all,

Could you please give me correct US and EU ECCN for PA-850?

Thank you in advance.

Best regards,

PA-7050 Firewall Upgrade

Hi All,

We are kind of confused on 2 documentations below.

We are planning to upgrade PA-7050 Firewall. Our initial Target version is 10.2.8-h3 because document 1 says it is possible.

BUT document 2 is saying this specific model is supported up

Multiple ARP requests bringing network segment down

We have a guest network for which our PAN firewall is the default gateway.  Periodically we have a wireless client begin ARP'ing for the gateway address over and over again.  So much so that we can no longer ping the gateway address (PAN interface). 

FW Outbound policy

Hi

What is the best practice policy outbound from the FW itself (i.e management )?

Allow any out? *.palotalto.com?

SSL Inspection

Hello

I configured my firewall with SSL decryption. Regarding the certificate, what is the best practice ? Is-it to generate the certificate used for Outbound traffic from our internal PKI (with the problem to deploy the certificate on Linux system

Error Encountered Bringing Up PaloAlto VM in ESXi (6.5)