Akamai EAA Maintenance Status

We are currently investigating a potential service impacting situation in this location. There is partial outage at this location that is affecting connections to some of the servers.

We have encountered some issues in ourREST API services. We are investigating it. Identifier: Domain: europe, 0a4f132a

Cloudflare is investigating an elevated error rate on DNS record API endpoints. We are working to understand the full impact and mitigate this problem. More updates to follow shortly.

Palo Alto Networks released Applications and Threats content update package 8852 (dynamic update 8852-8753), which was applied in Prisma Access. This package contained several new functional App-IDs, including google-chat, google-drive-web, google-meet, hubspot, and ringcentral. Any mention of these Apps in PA configuration, will result in a commit error when pushing commits to Prisma Access. Please follow our live community page for remediation actions and updates

https://live.paloaltonetworks.com/t5/customer-resources/customer-issue-impacting-applications-and-threats-content-update/ta-p/587719

For customers encountering challenges while accessing specific sites with decryption enabled and upon receiving "decrypt-unsupport-param" logs, particularly when using Google Chrome browser version 124 and higher, we suggest trying the following steps:

Issue Identification: The observed difficulties may arise from Kyber Support integrated by Chrome for the TLS 1.3 version.

Chrome Flags Configuration: Please review the configuration settings in Chrome Flags. This can be done by navigating to "chrome://flags/#enable-tls13-kyber" and examining the setup.

Disabling the Option: We encourage you to consider disabling the Kyber Support option and then relaunching the browser to assess if it resolves the issue.

If you continue to experience any difficulties, please open a support case, sincerely appreciate your patience as we diligently work to resolve this matter.

As part of PAN-OS Root and Default Certificate Expiration on December 31, 2023, the Prisma Access security processing nodes are not affected by the device certificate expiration. However, customers peering with Palo Alto firewall's that are not renewed may face disruptions. Ensure your Palo Alto firewall is updated promptly to maintain seamless connectivity and security. Please follow the guidelines provided in the below advisory:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008Vp5CAE

Palo Alto Networks released Applications and Threats content update package 8852 (dynamic update 8852-8753), which was applied in Prisma Access. This package contained several new functional App-IDs, including google-chat, google-drive-web, google-meet, hubspot, and ringcentral. Any mention of these Apps in PA configuration, will result in a commit error when pushing commits to Prisma Access. Please follow our live community page for remediation actions and updates

https://live.paloaltonetworks.com/t5/customer-resources/customer-issue-impacting-applications-and-threats-content-update/ta-p/587719

For customers encountering challenges while accessing specific sites with decryption enabled and upon receiving "decrypt-unsupport-param" logs, particularly when using Google Chrome browser version 124 and higher, we suggest trying the following steps:

Issue Identification: The observed difficulties may arise from Kyber Support integrated by Chrome for the TLS 1.3 version.

Chrome Flags Configuration: Please review the configuration settings in Chrome Flags. This can be done by navigating to "chrome://flags/#enable-tls13-kyber" and examining the setup.

Disabling the Option: We encourage you to consider disabling the Kyber Support option and then relaunching the browser to assess if it resolves the issue.

If you continue to experience any difficulties, please open a support case, sincerely appreciate your patience as we diligently work to resolve this matter.

As part of PAN-OS Root and Default Certificate Expiration on December 31, 2023, the Prisma Access security processing nodes are not affected by the device certificate expiration. However, customers peering with Palo Alto firewall's that are not renewed may face disruptions. Ensure your Palo Alto firewall is updated promptly to maintain seamless connectivity and security. Please follow the guidelines provided in the below advisory:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008Vp5CAE