To avoid Palo Alto service destruption be aware that beginning February 11, 2026, Device Certificates will be required for connecting with the cloud-delivered security services (CDSS) listed below.
If you are registered complete advisory could be found here
It will result in a partial or complete loss of functionality for the impacted features, products, or services.
For example, neglecting to deploy the hotfix and complete the onboarding process for the Device Certificate for CDSS will compromise the effectiveness of security rules linked to critical services like URL Filtering and WildFire. As a result, these cloud security services will be unable to deliver accurate detections or verdicts.
Device Certificate enforcement impacts the following services and products:
• Cloud Delivered Security Services (CDSS):
• DNS Security
• URL Filtering and Advanced URL Filtering
• WildFire and Advanced WildFire
• NGFW models:
• PA-200
• PA-220
• PA-220R
• PA-500
• PA-8XX
• PA-30XX Series
• PA-32XX Series
• PA-50XX Series
• PA-52XX Series
• PA-70XX Series
• VM-Series and CN-Series
• Panorama appliances both virtual appliances and M-Series
• WildFire appliances WF-500 and WF-500-B
