PAN-OS – my world of IT

Palo Alto Networks Decryption – Azure CLI won’t connect ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier’

Posted on 23 April, 2026 Updated on 23 April, 2026

It looks like the more recent releases of Azure CLI are running off Python versions that enforce ‘Authority Key Identifier’ checks of the security certificates when connecting to Azure CLI (az login). You might see an error message similar to the below if bumping into this issue. HTTPSConnectionPool(host=’login.microsoftonline.com’, port=443): Max retries exceeded with url: /organizations/v2.0/.well-known/openid-configuration (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]… Read more

Panorama PAN-OS 12.1 upgrade fails, ‘no enough disk space to hold image’

Posted on 12 January, 2026

In getting ready to move Panorama to PAN-OS 12.1 from 11.1 (to manage some new PA-5×0 series firewalls) if you haven’t already performed the ‘224GB’ disk size increase you are likely to bump into this error message: Successfully downloaded Software version: 12.1.2 Preloading into software manager Failed to create required free space. Free space: 3191 MB, Required space: 3717 MB… Read more

Palo Alto Networks GlobalProtect and Azure AD – AADSTS700016: Application with identifier was not found in the directory.

Posted on 20 July, 2021 Updated on 20 July, 2021

When setting up a GlobalProtect Portal/Gateway with AzureAD you may find you receive the error message: AADSTS700016: Application with identifier <Entity ID> was not found in the directory ‘<Directory ID>’. The fix here is easy – the GlobalProtect client injects a :443 at the end of the domain name which isn’t mentioned in the guide from Microsoft (https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/palo-alto-networks-globalprotect-tutorial) but is… Read more

PAN-OS and Connections Per Second in PRTG

Posted on 1 June, 2020 Updated on 1 June, 2020

If you are looking to build out Zone Protection Profiles on your Palo Alto Networks Next Generation Firewall then it can be handy to know just what your connections per second metrics look over time for each zone. Quite lucky Palo Alto Networks have a little (although not entirely descript) guide on where you can get this data – https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds/how-to-measure-cps.html…. Read more