About sallen

PA 3220 V 10.2 When setting up and testing MFA if you choose SMS/Input Code when the page displays the box is one field only as shown in the browser picture (Chrome/FF/IE.  It doesn't show your characters being typed which is hard for user.  At first we thought is wasn't 'modernized' but if you download the response page and then open it as .html is displays correctly.  I've tried all 3 modern updated browsers.  I'm just looking to get pointed in the right direction.  Why doesn't is display correctly when attempting to MFA with a SMS code?     Attached are the 4 images.  The image of the .html default MFA response page you can download from Device-Response page to customize if you want to.  Then the next 3 images are from a Windows 10 Fully updated, all 3 browsers updated as I traverse the Firewall and MFA to try to input my 6 digit code.  I just want it to display correctly for ease of use with the user.  It does work and authenticates if you type in the correct code.  It is just very hard for a front facing user to understand if they are typing and how many characters.    For example I opened the MFA default response page I downloaded from the PA and type in 123456 in the Enter the Code Enter the Pin section and you can see you type 6 characters displayed by ......   In the other images is each browser (to eliminate a browser display error)  This could still be a browser issues but unsure of more testing by not using Modern updated browser.  I'm testing the SMS MFA page and the image is what you see as a user. As soon as you start typing your code in the cursor actually disappears all together and the submit button becomes blue and enabled.    I'm willing to try anything for testing purposes and very engaging.  Thank you in advance!    Chrome -  Version 109.0.5414.120 (Official Build) (64-bit) FireFox - 109.0.1 64 bit Microsoft Edge Version 109.0.1518.78 (Official build) (64-bit)     Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended. ... View more

Greetings,   We are researching Certificate management and all the certificate management the Firewall can do.  It came across as a question  - is there a way to have the PA function as a secondary / sub-ca?  Our team members our discussing instead of standing of a new CA since everyone should have the root FW cert.  My question is at what scale and other problems could arise?  I see some docs that state to monitor cpu and it does have a resource cost but I think this would be more than 10 certs which seems to be a basic suggestion:  To be clear this is for applications on the FW like SSL Forward Proxy, Captive Portal, Global Protect.  This would be about generating self signed certs or public CA for other webservices in the  environment.     PA 3220 OS 10.2   https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-management/certificate-deployment   Has anyone had experience with this and how did it go?  Lessons learned or advice welcome?   ... View more