Next-Generation Firewall Discussions

Service l3svc restarts in loop on PA-1410

Hello,

In my new PA 1410 I've noticed that the l3svc service restarts in a loop.
The PA-1410s are in version 11.1.4-h7
I restarted the l3-service ( debug software restart process l3-service ) with no change.

Also restarted the mgt plane (also the fir

URL filtering response Page

Hi Friends,

We have a requirement regarding the URL filtering response page. Currently, when a URL is blocked due to a predefined or custom URL category, the URL blocked response page is displayed. However, if the traffic is denied through the QUIC

How to check temperature sensors from GUI

Hi,

I was wondering if it is possible to check the temperature sensors of a Paloalto PA-220 firewall from the GUI. I have seen that it is possible to check via the CLI, but I do not have immediate access to the CLI and was wondering if it could be do

User-id agent Servicer connection using Kerberos

Hi

Our Palo NGFW connects to AD servers using Kerberos as part of the user-id feature. We have received advisories from other networking partners that MS is applying a change in the way it enforces certificate based authentication - KB5014754. Does

Byte swapping needed on packet captures taken from tunnel interfaces

I noticed something odd with packet captures taken involving traffic originating from a tunnel interface (used for GP VPN clients) where the Ethernet Type header was byte swapped. Meaning instead of 0x0800 it was 0x0008.

The screen snips illustrate t

Upgrade CVE-2024-0012 and CVE-2024-3393

we need to upgrade paloalto from version 10.2.9.h1 to version version 10.2.9.h19 as a CVE Remediated

is this version will mitigate this two CVEs

logging for external dynamic lists?

Is there any logging for EDLs? I am looking for things like:

• a change in the EDL was detected
• errors in the EDL (invalid IPs or URLs)
• EDL is too large / too many entries

It would be great if I could alert on any of these.

Is there a way to configure Pan-OS to integrate with an ACME server for certificate enrollment?

Hello,

I am working with an IPsec VPN setup on my Palo Alto Networks firewall and am currently using certificate-based authentication. My organization utilizes an internal Certificate Authority (CA) that supports ACME (Automatic Certificate Managemen

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

GlobalProtect Machine based Certificate Access

Hi

Long time listener, first time caller.  Since we have so many brute force attacks with GlobalProtect lately, I wanted to do machine based GlobalProtect Certificate access.  Meaning we use a third party Certificate server within our environment t

Discard a candidate configuration

How to discard a candidate configuration, I changed the order of rules by mistake and I see a commit.

How do I discard it?

Allow download no upload

Can some one help me on below requirement.

Need to allow users to download only of files from online-storage and backup Category and we should restrict upload.

thanks