Next-Generation Firewall Discussions

Protecting Admin UI with Duo MFA

I'm attempting to setup Duo MFA with the admin UI of a PA-3220 running PAN-OS 10.2, but have been unsuccessful. I've found that the guide, https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/authentication/configure-multi-factor-authentication

Upgrade on the 1410 Apps failing

We have a new 1410 which has an Active Threat Prevention license and running on 11.0.2-h10. We are trying to upgrade to 11.1.6-h3. 

When I tried to update the apps, to  I am getting the error panupv2-all-apps-8953-9331. Does it need an earlier upda

Hardware Refresh from 820 to 445, able to copy config from 820 into 445?

I need to refresh an 820 to a 445 then another pair of 820s in HA to a pair of 445 in HA. Using on the box for management, no Panorama.  Can I take the configuration from the 820s and load it into the 445s? 820 are currently on 10.1.14-h8. If not, if

Well knows URLs are getting marked as not-resolved and traffic getting blocked in Advanced URL Filtering in PA-450 box

We recently implemented a PA-450 firewall box in the organization and well knows URLs are getting marked as not-resolved and traffic getting blocked in Advanced URL Filtering. Any certain configurations we need to modify to avoid this? Find more info

Many ping drops during failover

We have a setup as shown above and when we do a failover testing (power off the active firewall), we see atleast 15 ping drops when we ping devices from one vlan to another, The vlans are configured as sub-interfaces on the firewall. Switches are ju

Azure Plugin - Automation

Hi everyone,

I am searching for a way to automate the creation of Server Principals and Monitoring Definitions in the Azure Plugin Section. Does anyone know if there is a way to do that? For example via the API?

System Log High :tls-X509-validation-failed

We are receiving a system log on our PA440 suddenly:
PublicCloud Server certificate validation failed. Dest Addr: (null), Reason: unable to get local issuer certificate
we have no decryption and we have a certificate chain.

Multi Vsys Firewall config backup through API

Hi All, 

Anyone have Idea or API query to export the Full configuration on the Multi vsys Firewall. 

Unable to Login on Secondary Device in Active Passive HA Using Superuser

Hello Team,

We are currently facing an issue with logging into the secondary firewall in an Active-Passive HA setup using any superuser credentials other than the admin credentials.

When we create a new superuser account or make changes on the ac

HIP-Check for tennant id check with regestry (CID)

Hello, im trying to do a hip check for the registry of the CID for CrowdStrike. 

in this link you can find the registry path and the registry itself for the CID.

https://stackoverflow.com/questions/70030265/how-do-i-view-alphanumeric-registry-values-

PA-1400 Series Power Supply Specifications

Hello everyone,

I would like to know the following three points about the specifications of the A-1400 series power supply.

1. The maximum power consumption value is different between the PA-1400 series spec sheet and the hardware reference.

Is t

Enquiry for the release date for PAN-OS 10.2.14

Enquiry for the release date for PAN-OS 10.2.14

When will it be released? In some documentation it said early march, when can we expect the release.

IPSEC behind NAT

Hi all,

I am trying to enable a IPSEC from PA1 to PA2

However PA1 sits behind a NAT device which I have no control of and the PA outside interface is been given a 192.16.1.X address

I have gone through the following KB https://knowledgebase.pal