Next-Generation Firewall Discussions

Auto Commit Failed and Gray Interfaces after upgrade to 11.0.2-h2

Upgraded to 11.0.2-h2 on my 410 last night and the interfaces were all showing gray after reboot. Auto commit was failing with the following error and just kept trying and trying.

client device phase 1 failure
Management server failed to send phase

...

Resolved! PA-440 not showing Dynamic Updates for Url Filtering

Hello, I'm using PA-400 PANos 10.2.6 and can't see the updates for URL Filtering (not even one DB). Antivirus, Wildfire, Apps and Threats are shown. I have advanced url filtering licence.

Does anyone know how to solve this?

Regards,

Luis

Resolved! Unable to See Data Redistribution Tab after upgradation

Hi,

I am unable to see data redistribution tab after upgrading my firewalls from 9.1.x to 10.1.x

Any thoughts.

OSPF issue betwwen PA VM-100 and Cisco 4431

Hello everyon,

I have an strange issue with OSPF, it is working normaly but one or two time in 24 hour palo alto loses its neighbors for 1 to 5 seconds.

I tied to troubleshoot and get message:

**** AUDIT 0x3e01 - 210 (0000) **** I:001d0046 F:00000

...

Resolved! EDL - unable to get local issuer certificate

Hi,

Having issues with EDL and certificates. Followed the best practices, and believe everything is set properly.

running pa-8xx clusters running 10.1.9h3, all have the same issue

opendbl.net cert chain is imported and set both root and intermed

...

SFTP file transfer restrict

Is there a way to restrict the use of SFTP for file transfers?

The condition must be allowed SFTP, but restrict only permit upload and deny download, or only permit download and deny upload.

Hi All ,
We are planning to implement application based rule like under application tab add required app and under service tab add application default.
However what would be best approach to apply rule where application is showing "incomplete".
Currentl

...

Resolved! renewal the Wildcard certificate Procedure

Can some one explain how to renewal the Wildcard certificate Procedure

Resolved! SSL Forward Proxy Not Working

Hello all, another problem on my road to learning! I have created a self-signed CA Cert on my Palo Alto firewall. Exported to my Windows 10 box, imported into root CA store etc. I have set the cert as a Forward Trust Certificate, created a decryption

...

URL Lookup Returns IP Address

We use a URL filtering profile to limit outbound traffic. Occasionally known good traffic will fail because an IP address, instead of the FQDN of the URL, is presented. The traffic is blocked because the URL (IP address) is in the "Unknown" URL cat

...

Resolved! How To use Certificate For Secure Web-GUI Access HA pair

Dear All,

referred below link for Secure Web-GUI access, successfully done with my primary firewall, how can i achieve this when i have firewall in HA?

How To use Certificate For Secure Web-GUI Access - Knowledge Base - Palo Alto Networks

I will

...

Syslog issue

Hello All,

When we are using 9.1.14 Pan os we are getting below "" between ,, after upgrading 10.1.10-h2 it is missing.....

Is there any way to get back the double quote like early?

Cloud Identity Engine (CIE) and group mapping on firewalls - Groups and/or group membership updates not working as expected

I just wanted to let more folks know about this KB article concerning Cloud Identity Engine (CIE) and group mapping on firewalls. Knowing about this issue documented in the KB ahead of time would have saved a lot of frustration for us. Its informatio

...

Is there a way to allow LDAP StartTLS While blocking normal unencrypted LDAP?

Custom URL category matching

Hello,

I'm trying to block a domain but allowing specific URL.

like:

test.com/ - block

test.com/test - allow

I made two custom categories and rules, first rule for allowing "test.com/test" and second rule for blocking "test.com"

The connection is h

...

Discussions

Auto Commit Failed and Gray Interfaces after upgrade to 11.0.2-h2

Resolved! PA-440 not showing Dynamic Updates for Url Filtering

Resolved! Unable to See Data Redistribution Tab after upgradation

OSPF issue betwwen PA VM-100 and Cisco 4431

Resolved! EDL - unable to get local issuer certificate

SFTP file transfer restrict

application based rule

Resolved! renewal the Wildcard certificate Procedure

Resolved! SSL Forward Proxy Not Working

URL Lookup Returns IP Address

Resolved! How To use Certificate For Secure Web-GUI Access HA pair

Syslog issue

Cloud Identity Engine (CIE) and group mapping on firewalls - Groups and/or group membership updates not working as expected

Is there a way to allow LDAP StartTLS While blocking normal unencrypted LDAP?

Custom URL category matching

ingress/egress interfaces part of firewall session?

IS-IS protocol protocol in Palo Alto next generation firewalls.

Active/passive failover validation was performed using Azure HA configuration getting failed due to Azure token failed with exception <urlopen

Palo Alto and Docker configuration

SSL Certificates expiration notification

Re: ingress/egress interfaces part of firewall session?

Re: Active/passive failover validation was performed using Azure HA configuration getting failed due to Azure token failed with exception <urlopen

Re: CVE-2023-48795 isn't fixed in the 11.1.3-h2 as is claimed in the advisory

Re: SSL Certificates expiration notification

Re: AntiVirus not showing up

Unlock your full community experience!

Resolved! PA-440 not showing Dynamic Updates for Url Filtering

Resolved! Unable to See Data Redistribution Tab after upgradation

Resolved! EDL - unable to get local issuer certificate

Resolved! renewal the Wildcard certificate Procedure

Resolved! SSL Forward Proxy Not Working

Resolved! How To use Certificate For Secure Web-GUI Access HA pair