Having issues with ipsectunnel after upgrading FWs(5260s) to 10.1.3

Hello Palo Community!

I have a a couple of ipsec tunnels connecting to a cloud vendor providing ERP services to our users. Since we upgraded our FWs to 10.1.3 a couple of weeks ago from 9.1.10, we are having issues with connection slowness, timeout

FW Policy Skipped When Either App-Based only or SMTP-BASE app and 587 Port is Defined

Firewall is skipping policy when the traffic has smtp-base port 587 on it. 

I created a firewall policy application based with smtp-base as application but it skips the policy goes to the implicit interzone deny policy. So I created it with by just po

intrazone default

Hello,

I am observing that tcp connection between two hosts remaining in the same zone are not able to establish TCP connections [htts], while ICMP is successful. Tracing the traffic it shows up as application incomplete, rule intrazone default is hi

provide temporary internet access for some systems at specific period(1day)

our requirement is that temporary internet access systems want to remove automatically after specific period. any options available in Palo Alto?

Multiple L2 interface with same vlan tags

Hello All

We are migrating our fortigate firewall to palo alto. Fortigate is configured in transparent mode

Currently we have 2 networks and both network have same vlan ID and subnet range.

We plan to configure L2 interface on Palo alto then add

no_matches error

Hello,

I am having a problem accessing the Palo Alto cli/web.

I recently took the trial version of 30 days, but I always come across the following message when trying to log in.

"cfg.general.need-acknowledgement-to-login' no_matches".

I've lef

Network monitor shows huge traffic spike, but can't find traffic details

Hey folks.

I had a situation today whereby one of my PA's was responding really slowly across IPSec tunnels and for Global protect clients - so once I could get onto it I started digging into the network monitor to see if I could find out if there

SSH Proxy Bock Session with Unsupported Algorithm - What are the palo alto predefined unsupported SSH algorithm and version.

Palo Alto SSH Proxy blocks ssh traffic with error message unsupported Parameters. This is because of the SSH Proxy profile. However where can I find the parameter used for this communication and what is the recommended / supported parameters/algorith

Different telemetry region in ha firewall

Firewall A

Previously Default  Device Telemetry region is America 

After sudden commit fails due to error : 'Americas' does not match lcaas region 'in' 

So i changed the telemetry to india which is present in the drop down.

Now ,

In firewall B vice v

Certificate installation on device through remote system via REST API

Folks,

As we can see on palo public API docs , Seems it does not have REST API support for certificate management.

Is anyone tried or used REST API calls for certificate management ? 

#certificate #REST-API

Impact after Changing the key size setting clears the current certificate cache.

Due to VA Scanner scan my firewall having vulnerabilities of SSL Certificate Chain Contains RSA Keys Less Than 2048 bits .

So I plan to follow below KB to change the key size.

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-man