VM-Series Esxi and KVM

Hi guys I have received a 30-day trial vm series for ESXi and KVM to my official email ID to check its features, we have deployed it in our virtual environment in ESXi and KVM, but it shows an error during the login as shown in the screenshot, I have sent an email but no response from PA, rather they some link there login unexpected error to in ...

Are there any cases where certificates are marked as UNKNOWN other than when using CRLs with IDP extension?

Hello everyone, From the following knowledge, I understand that in CRLs with IDP Extension, certificates not listed in the CRL are marked as UNKNOWN. PAN-OS Behaviour for CRLs with IDP Extension: Certificate marked Unknown" if not listed in the CRL"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldJCAS Are there ...

Static route path monitoring using a destination within a different virtual router

Hi, Is it possible to set up path monitoring for a static route using a destination IP address in a different virtual router? My scenario is within virtual router 'A' I have a static route with a destination of a NAT range pointing to an interface to get it in to the routing table and then advertising it via BGP. Traffic destined for the NAT IP'...

potential issue with RADIUS traffic passed through Palo devices

Hi all, There is a good chance this is not in fact a firewall issue at all. But I just wanted to ask people who have more experience than me. Has anyone experienced an issue where despite RADIUS traffic being passed through a Palo appliance successfully, RADIUS authentication has still failed? The scenario I describe is from Meraki AP's to a w...

PaloAlto 5420 Recommended 10.2. PanOS Version

What`s the PanOS Version recommended for PaloAlto 5420 Recommended in 10.2

Preparation for the new NGFW-Engineer certification due to the retirement of the PCSFE exam

I was preparing for the PCSFE exam, but will there be a significant difference in the questions compared to the NGFW-Engineer exam?

Ikev2 liveness check

Hello, I have a couple of questions regarding IKEv2 Liveness Check and DPD (Dead Peer Detection) on Palo Alto Networks firewalls. I’ve come across some conflicting information in various articles. Some mention that DPD is always active and cannot be disabled in IKEv2, while others suggest that the Liveness Check is the new version of DPD in IKEv...

eBGP to eBGP redistribution

Hello, In a NGFW how to redistribute a default route received via eBGP on one circuit to another circuit, also via eBGP. Basically performing an eBGP to eBGP redistribution. Thanks. Best regards

Do you know why you cannot check the Block IP list in other models except PA3200 , PA5200, PA5400 and PA7000 Series

Hi I should look at 'monitor > Block IP List' However, the tab could not be checked in the VM series and 3400 series. And after checking the document, I found that only the 3200, 5200, 5400, and PA7000 Series support H/W Block IP List. Are there any differences between the models mentioned above and the 3400? And is it correct that there ...

when I configure custom option 6 on DHCP, will it be over rides the primary and secondary DNS?

ADEM for on premises options?

Is this going live with ADEM for on premise firewalls? It seems the programming is already inside global protect, it's just a matter of turning on inside the firewalls.Does anyone have a timeline or some info regarding when this will come live for on premise firewalls?

Enabling CTD inspection

CVE-2020-2035 PAN-OS: URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions For this CVE, the solution was to enable CTD inspection May I know is there any impact to the system by enabling the CTD inspection?