URL filtering response Page

Hi Friends, We have a requirement regarding the URL filtering response page. Currently, when a URL is blocked due to a predefined or custom URL category, the URL blocked response page is displayed. However, if the traffic is denied through the QUIC protocol, the predefined URL response page does not appear. Is it possible to display the URL fi...

How to check temperature sensors from GUI

Hi, I was wondering if it is possible to check the temperature sensors of a Paloalto PA-220 firewall from the GUI. I have seen that it is possible to check via the CLI, but I do not have immediate access to the CLI and was wondering if it could be done through the GUI. Thank you in advance

User-id agent Servicer connection using Kerberos

Hi Our Palo NGFW connects to AD servers using Kerberos as part of the user-id feature. We have received advisories from other networking partners that MS is applying a change in the way it enforces certificate based authentication - KB5014754. Does anyone know if or how this may affect the user-id authentication on the Palo? Any advice on how ...

Byte swapping needed on packet captures taken from tunnel interfaces

I noticed something odd with packet captures taken involving traffic originating from a tunnel interface (used for GP VPN clients) where the Ethernet Type header was byte swapped. Meaning instead of 0x0800 it was 0x0008. The screen snips illustrate the raw exported packets from a NGFW running 11.1.4-h1. Wireshark 4.4.3 with no packet dissector/d...

Upgrade CVE-2024-0012 and CVE-2024-3393

we need to upgrade paloalto from version 10.2.9.h1 to version version 10.2.9.h19 as a CVE Remediated is this version will mitigate this two CVEs

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

GlobalProtect Machine based Certificate Access

Hi Long time listener, first time caller. Since we have so many brute force attacks with GlobalProtect lately, I wanted to do machine based GlobalProtect Certificate access. Meaning we use a third party Certificate server within our environment to create Certificate and I assume this server would also be Root CA. Then push cert to all devic...

Discard a candidate configuration

How to discard a candidate configuration, I changed the order of rules by mistake and I see a commit. How do I discard it?

Allow download no upload

Can some one help me on below requirement.Need to allow users to download only of files from online-storage and backup Category and we should restrict upload.thanks

Facing issues in login to the portal

client gp_broker phase 1 failure commit failed

Hello,If someone experiences an auto-commit failure after an upgrade with the error message "client gp_broker phase 1 failure commit failed," here i provide a workaround solution :show jobs allEnqueued Dequeued ID PositionInQ Type Status Result Completed--------------------------------------------------------------------------------------2025/01...