Next-Generation Firewall Discussions

OSPF issue betwwen PA VM-100 and Cisco 4431

Hello everyon,

I have an strange issue with OSPF, it is working normaly but one or two time in 24 hour palo alto loses its neighbors for 1 to 5 seconds.

I tied to troubleshoot and get message:

**** AUDIT 0x3e01 - 210 (0000) **** I:001d0046 F:00000

...

Resolved! EDL - unable to get local issuer certificate

Hi,

Having issues with EDL and certificates. Followed the best practices, and believe everything is set properly.

running pa-8xx clusters running 10.1.9h3, all have the same issue

opendbl.net cert chain is imported and set both root and intermed

...

SFTP file transfer restrict

Is there a way to restrict the use of SFTP for file transfers?

The condition must be allowed SFTP, but restrict only permit upload and deny download, or only permit download and deny upload.

Hi All ,
We are planning to implement application based rule like under application tab add required app and under service tab add application default.
However what would be best approach to apply rule where application is showing "incomplete".
Currentl

...

Resolved! renewal the Wildcard certificate Procedure

Can some one explain how to renewal the Wildcard certificate Procedure

Resolved! SSL Forward Proxy Not Working

Hello all, another problem on my road to learning! I have created a self-signed CA Cert on my Palo Alto firewall. Exported to my Windows 10 box, imported into root CA store etc. I have set the cert as a Forward Trust Certificate, created a decryption

...

URL Lookup Returns IP Address

We use a URL filtering profile to limit outbound traffic. Occasionally known good traffic will fail because an IP address, instead of the FQDN of the URL, is presented. The traffic is blocked because the URL (IP address) is in the "Unknown" URL cat

...

Resolved! How To use Certificate For Secure Web-GUI Access HA pair

Dear All,

referred below link for Secure Web-GUI access, successfully done with my primary firewall, how can i achieve this when i have firewall in HA?

How To use Certificate For Secure Web-GUI Access - Knowledge Base - Palo Alto Networks

I will

...

Syslog issue

Hello All,

When we are using 9.1.14 Pan os we are getting below "" between ,, after upgrading 10.1.10-h2 it is missing.....

Is there any way to get back the double quote like early?

Cloud Identity Engine (CIE) and group mapping on firewalls - Groups and/or group membership updates not working as expected

I just wanted to let more folks know about this KB article concerning Cloud Identity Engine (CIE) and group mapping on firewalls. Knowing about this issue documented in the KB ahead of time would have saved a lot of frustration for us. Its informatio

...

Is there a way to allow LDAP StartTLS While blocking normal unencrypted LDAP?

Custom URL category matching

Hello,

I'm trying to block a domain but allowing specific URL.

like:

test.com/ - block

test.com/test - allow

I made two custom categories and rules, first rule for allowing "test.com/test" and second rule for blocking "test.com"

The connection is h

...

10.1.11-h1 broken on PA-410

Just lost 2 devices far away from home, seems to be the same bug described in https://www.reddit.com/r/paloaltonetworks/comments/17rjzfm/pa410_10111h1_no_ethernet/

440s and 3220s running fine with 10.1.11-h1. Is there no one at Palo testing their H

...

Resolved! portal-auth vs gateway-auth

Hi,

I’m trying to understand Palo Alto VPN client, Global Protect login process with logs and I’m a little bit confused. What I can see in logs:

First is: portal-auth.
Then usually portal-gen-cookie
Next gateway-auth
And finally, gateway-register

I woul

...

Resolved! Management interface connection to sucuri.net

Hello,

The management interface from our PA-3260 suddenly tries to connect to 192.124.249.36 on port 80 web-browsing. 192.124.249.36 seems to be part of a CDN registered to Sucuri.net. Is this expected behavior, what service is this for?

Discussions

OSPF issue betwwen PA VM-100 and Cisco 4431

Resolved! EDL - unable to get local issuer certificate

SFTP file transfer restrict

application based rule

Resolved! renewal the Wildcard certificate Procedure

Resolved! SSL Forward Proxy Not Working

URL Lookup Returns IP Address

Resolved! How To use Certificate For Secure Web-GUI Access HA pair

Syslog issue

Cloud Identity Engine (CIE) and group mapping on firewalls - Groups and/or group membership updates not working as expected

Is there a way to allow LDAP StartTLS While blocking normal unencrypted LDAP?

Custom URL category matching

10.1.11-h1 broken on PA-410

Resolved! portal-auth vs gateway-auth

Resolved! Management interface connection to sucuri.net

QoS Policy Class Selection

Slow Download and Uploads From Various Cloud Providers

Custom URL Category Not working Properly

PDF report generate and date is not in order

Warning: Advance Routing mode is disabled , feature not supported

Re: Custom URL Category Not working Properly

Re: DHCP with ISP router don't work :/

11.1.4h7 and 11.1.5 h1 high cpu

Ansible Galaxy - panos - not ready for advanced routing

Re: DHCP with ISP router don't work :/

Unlock your full community experience!

Resolved! EDL - unable to get local issuer certificate

Resolved! renewal the Wildcard certificate Procedure

Resolved! SSL Forward Proxy Not Working

Resolved! How To use Certificate For Secure Web-GUI Access HA pair

Resolved! portal-auth vs gateway-auth

Resolved! Management interface connection to sucuri.net