Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About KAckerman12
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About KAckerman12
04-22-2022
11Posts
1Like
0Solutions
Apr 22, 2022Last Visited
User
Activity
User
Profile
Latest posts by KAckerman12
| Subject | Views | Posted |
|---|---|---|
| 130 | 04-21-2022 07:13 AM | |
| 261 | 04-18-2022 09:22 AM | |
| 506 | 04-07-2022 06:43 PM | |
| 1216 | 01-21-2022 01:23 PM | |
| 1267 | 01-21-2022 11:42 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 02-26-2021 09:14 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
User Badges
Community Statistics
| Member Since | 11-04-2020 12:26 PM |
| Date Last Visited | 04-22-2022 01:06 PM |
| Posts | 11 |
| Total Likes Received | 1 |
04-21-2022
07:13 AM
Thanks for the response, however, we're far past that point. This became an issue after upgrading the FW. I believe I'm going to have to downgrade and restore the previously saved config, then try to upgrade again. Maybe I'll remove the cert first. I hoped for a better solution, but I have been unsuccessful.
... View more
04-18-2022
09:22 AM
Hardware: PA220
Version: 10.1.5-h1
I'm trying to use a certificate that appears to be having issues. I first noticed the issue when I attempted to create a certificate profile using a trust root CA. When I try to create the profile, it fails to create and has error message "CA -> *CA NAME* is invalid -> CA is invalid".
I then went to explore the certificate, first making sure the checkbox to trust the certificate was clicked. When I made this change and committed the change, nothing happened.
This is when I decided to delete the certificate and start fresh. When I try to delete the certificate, it has error message "Failed to delete certificate *CA NAME* - Invalid Location / Permission Denied"
Well, I'm signed in as an admin account, so permission can't be accurate. I jumped into the CLI and used command 'request certificate show' to see what might be happening.
The certificate in question was listed, and the correct information was there, but this is where it's a little strange. The certificate actually had two names. The first name was from another certificate that isn't experiencing issues. The second name was the correct name.
I decided to remove the other certificate to see if that would fix anything (this certificate wasn't being used, so removing it was fine). This didn't actually fix anything, but it did remove the second name from the certificate when I perform that command again.
I tried uploading the certificate again, which was successful, but didn't resolve the issue. The original certificate is still there with problems. Now the FW reports a duplicate certificate any time I make changes. Also, when I try to import certificates signed by this CA, those certs are listed under the problem certificate. I'm not entirely sure what's happening here, but it is affecting the use of certain certificates.
I recently upgraded my FW from version 10.0.9 to 10.1.5-h1. Not sure if that could be the issue, but this problem only occurred after the upgrade.
... View more
04-07-2022
06:43 PM
Did it recently happen to you around the beginning of April? That's when I got my most recent alert. Fixed itself within 24 hours.
... View more
01-21-2022
01:23 PM
I received this alert a few hours later, "Reconnect to MLAV cloud, enable all machine Learning engines". Issue resolved itself.
... View more
01-21-2022
11:42 AM
I was wondering whether it was within my control or not. I'll continue to monitor and if I keep getting the errors I'll open a ticket. Thank you for the response!
... View more
01-21-2022
11:22 AM
Received this high-alert message on a PA5220 (10.0.8-h4) this morning, "MLAV cloud error, all machine Learning engines stopped". Has anyone else received this message before? If so, what steps should I take to troubleshoot and resolve the message? Thank you.
... View more
02-26-2021
09:14 AM
1 Kudo
I suspected that may be the case, but wasn't 100% sure. I do already have an IP pool configured under the Client Settings. I will work on recreating the gateway without these settings to see if that works. Thank you for the suggestion. Edit: Can confirm this is correct. The Client IP Pool tab is available when there are no Client Settings configured.
... View more
02-25-2021
11:35 AM
I am attempting to configure a global IP Pool for my gateway, however, the Client IP Pool tab is always grayed out. I followed the documentation and I have tunnel mode enabled with a tunnel interface assigned, yet the tab remains grayed out. Any help is greatly appreciated.
... View more
11-05-2020
08:38 AM
I should clarify; I didn't create a custom category, but rather created a group for these categories. Objects>Custom Objects>URL Category>Add>Type 'Category Match'. I added these categories into that custom object group, and applied the custom object group to the no-decrypt policy. However, the no-decrypt policy failed to reference the custom category group. I'm currently using version 9.0.9-h1
... View more
11-04-2020
02:59 PM
The policy was in place with no-decrypt, but that wasn't the issue. I was able to solve this by adding these categories directly to the policy. The problem occurred when using a custom URL Category object where I added financial-services and health-and-medicine. I then applied the custom object to the no-decrypt policy, but it failed to appropriately reference the custom object, and sites were still being decrypted. Instead of adding the custom object, I added these categories directly to the policy, and since then it has worked fine. Thank you for the quick response!
... View more
11-04-2020
12:38 PM
I'm having an issue with URL Categories and SSL Decryption. I have two decryption policies; the first is a no-decrypt policy for URL Categories matching "financial-services" and "healthcare-and-medicine," and the second policy is a decrypt-all for service-https. The second rule is working great and decrypting traffic as expected, however, the first rule is not working. If I visit a financial site (discover.com, chase.com, etc) the site is getting decrypted. The log shows the site as matching against "low-risk" instead of "financial-services." This happens for most sites and is not limited to the examples provided. If I visit https://urlfiltering.paloaltonetworks.com/ it shows discover.com gets categorized as financial-services first, then low-risk. What can I do to ensure the firewall categorizes these sites as financial-services instead of low-risk so that they do not get decrypted?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-22-2022
01:06 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks
