Generate certificates in templates with cli

Hi everyone, i know that i can generate certificates on the panorama itself with the command: request certificate generate ca no signed-by myCA digest sha512 days-till-expiry 365 countrycode DE organization "My Org" hostname [ hostname hostname.mydomain ] name hostname.mydomain certificate-name myCert algorithm RSA rsa-nbits 4096 but as th...

Rejoin a factory default PA firewall to HA which managed by Panorama

Hi all I have a HA PA pair which managed by Panorama in our environment, and we found the passive one is unable to login locally, and cannot commit new configuration to the passive one thru Panorama. So we do factory default of the passive one and configure the management IP and admin user again. After we do factory default, we joined the HA...

Green Horizontal Bar in PanOS 10.1 GUI

I just started noticing this horizontal green bar appearing between the yellow and blue fields on the header in PanOS 10.1. Does this mean anything? It's not present all the time. The red dot in the screenshot was accidentally painted on by the snipping tool.

Panorama SD-WAN Devices Import CSV brings error "Unspecified error during import"

Hy, I try to import SD-WAN Devices by CSV to Panorama (11.0.3) SD-WAN Plugin (3.1.0) this brings the error message "Unspecified error during import" csv: device-serial,type,site,zone-internet,zone-to-hub,zone-to-branch,zone-internal,router-id,as-number,loopback-address,prefix-redistribute,vr-name,vif-link-tag,remove-private-as,copy-tos-header...

Panorama HA Two different Data Center

Dear Folks, I want to setup Panorma High availability between two different data centers [Netherland-Germany] I have checked the latecny is allowed upto 1000 ms. I have some following doubts. 1. since these DC's running different Ip address spce so for HA communication between these peers have two different Ip address, is not an constrains?...

ZTP configuration at remote sites

We have some new PA-440's are are trying to work through the ZTP process. We have ZTP configured, and the devices are registered. We now see them as connected to our Panorama server, but we are unsure of the next step. We can't seem to make some changes to do the devices as they are still in ZTP mode, but the documentation to turn ZTP off...

How can view log from another log collector on Panorama

Hi Expert , In case we have older Log collector and now we have send log to New Log Collector we create differance collector group per LC but I would like to know how can view older log from older LC on Panorama . Thank you

Help Palo Alto Trial License

Panorama API Rule HitCount S/N

Hi Folks, I need to run this api call against Panorama, to query security policies hit-count from a device-group. As we Have HA enabled, it is displaying the same security rule twice as a results for the Active and Passive Firewall. I tried to add to the call <device-vsys>/devices/entry[@name='SN-ACTIVE-FW']</device-vsys>, but it...

SaaS report hangs

My Panorama has often struggled with report generation. For a report covering more than a week, the report will simply fail. However, since updating to 10.2, the predefined SaaS reports will not complete. They just sit at 0% until cancelled. Panorama resources (cpu, memory, disk space) are fine. Is there anything i should check?

Can you monitor default routes with BGP Conditional advertisement

Good Day I would like to configure BGP conditional advertisement to advertise a public network when the primary default route is not present. I have heard conflicting reports as to whether or not you can monitor the default routes using conditional advertisement. We are using Panorama 10.2.5 thanks in advance Regards

URL Category Shareware/Freeware

Hello, I'm not sure this is were to ask this but my question is this: One of the Palo's on my network labled the "chromewebstore" in the URL category as shareware/freeware and was blocking the site. After 4 hours, it stopped blocking it and changed the category. Is there a reason for this or where would i look to find out possibly why. Tha...