Next-Generation Firewall Discussions

stable version for pan 10.2 or 11

Hello Team,

Currently we have virtual firewall vm100 with version 10.1.5-h1, I want to update it to 11 version.

Could you please let us know the stable version for pan 10.2 or 11.

No policy recommendation for IoT

I have my firewall (PA-440) licensed with an IoT security license. The IoT security portal is working great and recognizing devices in my network. But I have a problem: I don't know why, when I go to the policy recommendation for IoT, the profiles fr

software update question

When updating Palo firewalls, why the need to update through each base version as well as a preferred maintenance version?

e.g. if going from version 8.1.x, to 10.1.x,  why 9.0 >  9.0.x > 9.1 > 9.1 > 10.0 etc.

IF each baseline version release e.g.

Decryption: Received fatal alert CertificateUnknown from client

Hi Folks, 

I'm seeing some instances of "Received fatal alert CertificateUnknown from client" errors in the decryption log when the root\issuer certs are clearly in the FW's cert store. Attached are screenshots of the error and the FW's cert store.

Firewallcrash because of Application cloud Engine (ACE)

Hi community

Since about 2 weeks a vm firewall started getting problems with random crashes. Our setup is a firewallcluster but so far the active firewall crashes almost completely silent. At least the firewall does not initiate a failover to the p

About certificate

Migrating configuration from the firewall running PAN-OS 9.1 to new firewall running PAN-OS 11.1 directly

Hi LIVEcommunity

I plan to migrate the configuration from a PA-3020 firewall currently running PAN-OS 9.1 to a new PA-1410 firewall running PAN-OS 11.1.

I'd like to know if it's possible to directly import the configuration from the older firewal

Zscaler Traffic Pattern

My company users are using ZCC on their laptops. Recently, there has been an issue where Zscaler traffic is being denied by the Palo Alto Firewall.

Upon checking the logs, it appears that the ZCC traffic pattern changed into web browsing and HTTP Prox

Unable to Block Personal Gmail on Ubuntu Machines.

Hi Friends,

We have a customer who is facing issues in blocking Personal Gmail on Ubuntu Machines.

I have followed the below mentioned discussion and created the URL filtering and Policies.

https://live.paloaltonetworks.com/t5/general-topics/block-

FW Policy Skipped When Either App-Based only or SMTP-BASE app and 587 Port is Defined

Firewall is skipping policy when the traffic has smtp-base port 587 on it. 

I created a firewall policy application based with smtp-base as application but it skips the policy goes to the implicit interzone deny policy. So I created it with by just po