Katello Ports - Palo Alto DMZ


Expected outcome:

Foreman and Proxy versions:

Foreman and Proxy plugin versions:

Other relevant data:
[e.g. logs from Foreman and/or the Proxy, modified templates, commands issued, etc]
(for logs, surround with three back-ticks to get proper formatting, e.g.)


I’ve a user trying to use Katello, v.1.21. with agent v 2.70 on server with Cent OS 6.

They can run updates successfully except through DMZ on Palo Alto firewall.

On both inbound and outbound firewalls rules, ports 80, 443, 5646, 5647 & 9090 are open.

When doing a packet capture, they get an unknown CA error.

Anything I’m missing?


Hi @mark_heutamaker

Are you using custom signed certs on the Katello box? Also does the Palo Alto firewall do SSL inspection or injection where it put’s it’s own CA into the traffic?