Antivirus Update on PA820 take up to 30 minutes to install since upgrade to 10.2.3

We've upgrade a cluster of PA820 to 10.2.3 and since that upgrade, Antivirus Update take up to 30 mintues to get installed.

Am i the only one facing this very poor performance?

Regards

BGP

My paloalto can't announce the routes learned via the bgp protocol. I need support assistance to check the configuration 

User ID firewall integration with mapping server or AD

Have to enable User-ID for corporates users. Not able to locate documentation around best practices for user id. for  example in my scenario.

we have one domain xyz.com with 50 domain controllers to monitor. we have winRM installed on all the domai

Error Index Protocol Error tlsv1 bad certificate status response. Received fatal alert BadCertificateStatusResponse from client

Hi folks, I'm using an SSL forward proxy policy and am getting this error:

GlobalProtect MFA with LDAP at Phase 1 and Okta Verify at Phase 2

Hello everyone,

I want to implement GlobalProtect with Multi-factor Authentication, with LDAP at Phase 1 and Okta Verify at Phase 2. Is it possible?

I have configured based on Palo Alto Document "Configure MFA between Okta and the Firewall" and m

DHCP Fail

Hello Community,

I have a FW with eth0 configured as DHCP client and it gets IP, no problem. But then I see lots of DHCP Fail system messages between lease renewals:

Are these normal?

Thanks!

PA-220 (A/P) Packet Buffer on DP filling up over time on passive Firewall

Hi There

We have two PA-220-ZTP Firewalls with PanOS: 10.2.3 and in Active-Passive configuration

On the passive firewall we see Packet Buffers on Data Plane filling up over time. The active firewall doesn't have this issue. I've just rebooted the p

drop icmp packets firewall interface

Hi guys,

I have 2 PA firwalls in HA, and since couple days, when i try to ping one firewall interface from a router(like 1000 ou 10000 packets) i got packets drops in icmp(2 to 3% loss packets)

Certificates duplicated from Primary to Secondary firewall in Palo alto

Hi All,

We have 2 Palo alto firewalls in HA mode (Active-standby).

Palo alto mode: PA-3220

OS Version: 10.1.6-h3

We create Unique certificates (for management, interdevice) in each firewall with hostname. After some time, the certificates in seco

SSL Decrytpion not working consistently on MAC's

We just installed SSL decryption ( not self signed) across our PANs. It is working fine with Windows workstations at office and at home. However, with MAC machines it is working inconsistently when at home and  connected to global protect.  Some site

PAN User-ID Agent

Hi All,

I installed User-ID Agent on the Windows DC, and it is working somewhat successfully. For some odd reason it recognizes the users from our domain but on the app's monitoring tab, where I can see the IP-User correlations, sometimes the users

Palo Alto - Active Directory SID

Hi team,

Is it possible to change the way Palo Alto links a group on AD? From CN to SID??

Cheers,

Internal users unable to access some banking URLs/Sites

I'm experiencing an issue with internal users unable to access some banking websites/URLs. Users can access these sites over the VPN (Global Protect) but can’t access these sites from the office/Internal.

I then created a URL Filtering category (ad

Phase 1 compromise impact to Phase 2

Hi,

I would like to know if IKEv2 phase ia compromise because of weak encryption in proposal, malicious user can access to all data sent across the VPN connection, which may include passwords and sensitive file ?

Or

Malicious user only know phase 1