Cancel
CreatorsPublishersAdvertisers
View more in
Computers

Issues with Device Telemetry

By southardd
paloaltonetworks.com
 6 days ago

Cover picture for the articleI have an HA pair (active/passive) of PA3250s (no Panorama) and just recently upgraded to PanOS 10.0.6 from 9.1.9. I configured the device telemetry and downloaded the new certificates for both firewalls. Telemetry is working great on my primary firewall, however, the secondary is failing every time with the error code "CDL Receiver Key Empty". I have opened a support case but have not had much luck. We verified the location is set to "Americas" instead of "americas" and all of the other settings seem to match the working firewall. Has anyone else seen this before? I've attached a screenshot and the text from the email that is generated below.

live.paloaltonetworks.com

Comments / 0

IN THIS ARTICLE
#Americas#Device Telemetry#Panorama#08 52 02#Eventid#Tgz
YOU MAY ALSO LIKE
NewsBreak
Technology
NewsBreak
Computers
Related
Computerspaloaltonetworks.com

Device Control Violations & XQL

Has anyone been able to get a XQL Query together that could pull out the Device Control Violations ?. Unfortunately at this point, while they are presented in Cortex XDR, I don't see a way to Export that page contents. Same with Disk Encryption Visibility, but at least with that...
Educationsecurityboulevard.com

Back-to-school Device Protection | Avast

Did you know that out of the 8.9 million enterprise malware reports that Microsoft had in the last 30 days that over 60% came from education? The next closest industry is business and professional services, at only 10%. There’s no doubt that cybercrime is targeting vulnerable kids and schools. While...
Computerspaloaltonetworks.com

OSPF stopped gracefully restarted

We are facing issue with OSPF is not working properly over the firewall as per the configuration part seems fine we checked with the below given document. All the configuration for HA is configured as per above given document. We checked with the configuration of OSPF as per below document...
Softwarepaloaltonetworks.com

Dynamic Address Group with Azure monitoring

Https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-o... In the end article tells to create DAG but how do I add VM's automatically to this group. Is there a wildcard that i can use like 'azure.vm-name.*'. I tried but its not working. All I can do is manually select each of them clicking plus but that is not dynamic.
Computerspaloaltonetworks.com

High Availability for Firewalls in diferent locations over Layer 3 network

Is it possible to configure high availability between Palo Alto VM series Firewalls that are located in different buildings over a network to connect both firewalls?. I have two VM-300 Firewalls that are Active/Pasive with Global Protect in the same physical Server, which will result in a single point of failure. Recently there was an electrical issue and the server went down. Since both firewalls are in the same server, the remote users were not able to connect to company network.
Computerscheckpoint.com

IoT Device Security for Manufacturers

Preventing Attacks on IoT Devices and Networks WATCH REPLAY. Revolutionary on-device runtime protection enables you to develop connected IoT devices with built-in firmware security that defends. against the most sophisticated cyber attacks. Assess Risk. Uncover security risks in your. IoT firmware. Harden. Harden device with on-device runtime protection to prevent...
Internetpaloaltonetworks.com

traffic drop for website for some time

Im facing issue when accessing website which is hosted on cloud.i have created object of website and called in policy . this issue occurs when i have called object in destination and im trying to access website . if i have access this website as destination put any then it...
Computerspaloaltonetworks.com

Single DNS_Proxy Interface serving multiple networks

Single DNS_Proxy Interface serving multiple networks. I have a Paloalto with DNS-Proxy activated and serving the LAN interface, let's say: 10.0.0.1 (dns_proxy) Is it possible to point clients from networks on interfaces/networks to use the same dns_proxy configure for LAN (10.0.0.1) Example:. client 192.168.0.10 on eth2 could use dns_proxy 10.0.0.1...
Computerspaloaltonetworks.com

RDP slow vía Globalprotect

Good morning, thank you very much for your support. I have the following problem. I have a PA-220 equipment, connected to the Internet via a 200mb symmetrical Adsl link. Globalprotect clients 5.2.7 ( win 10 ) PA-220 ---NAT1:1---Router/modem-adsl---dynamic public IP---fqdn DynDNS. I have configured global protect for rdp connections, using...
Cell Phonesitprotoday.com

Critical Vulnerability Affects Millions of IoT Devices

Mandiant, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), and Internet of Things provider ThroughTek have disclosed a critical vulnerability affecting millions of IoT devices that could let attackers spy on video and audio feeds from Web cameras, baby monitors, and other devices. CVE-2021-28372 was discovered by...
Technologypaloaltonetworks.com

Rekey causes VPN tunnel to stop sending network traffic

Hello everybody, I'm having a weird issue with VPNs between a Palo Alto Cloud Firewall (PanOS9.1.3h) and Cisco Meraki Z3.All VPN Tunnels are established propely, but after a random period of time during the rekey step, a tunnel stays online, but network traffic can't be send anymore. We are currently having 5 of these connections with the same issues.
Softwarepaloaltonetworks.com

How to create NAT rule for PA in Azure

We have deployed PA-VM inside Azure that needs to create a VPN tunnel with Cisco. We have created a security zone called VPN for the tunnel interface and set all the P1 and P2 parameters. We find the most difficult part is getting the NAT logic configured correctly on the...
Computerspaloaltonetworks.com

False Positive - Generic.ml (Please help!)

Hey Paolalto Team! A file used by our WaveBrowser is being flagged and we feel this is a mistake caught by the heuristic engine. Would y'all take a look at the file for us? If you do find an issue, please let us know and we can make any necessary changes. Thank you so much in advance. We appreciate your help! Have a great week.
Computerspaloaltonetworks.com

Cortex XDR 7.4.1 in MAC having Malware Definition date as year 1970

Cortex XDR 7.4.1 in MAC having Malware Definition date as year 1970 in The Global Protect. Somehow, the AV definition date for Cortex in Global Protect is showing as 1970. User is not able to connect to Global Protect as its failing HIP match from the firewall that says the AV definition date should not be older than 7 days.
Computerspaloaltonetworks.com

Why a forced Target Negate No?

I've had a case open with Palo Alto support for over a month and the person I got says they've not seen this issue before. I doubt we are blazing new trails here and I just don't understand how this can actually be unfamiliar. Our Palo Alto is a recent...
Cell Phonessecurityboulevard.com

Simplifying device management in a remote world

In 2020, most of us around the globe had to make the move from office to home – either for months, a year, or for some us, we’re still there. But business had to continue. So as the workforce packed up their phones, tablets and laptops, how could we ensure business could continue as usual and operate securely? The answer is with device/endpoint management.
ElectronicsTrendHunter.com

Multifunctional Modular Entertainment Devices

The conceptual 'KANO-XP' is a multifunctional technology product that's focused on an all-in-one design to help offer avid makers and gamers alike with a holistic way to approach their choice of pastimes. The device is designed with teenagers in mind and features an interchangeable control panel that would enable users to swap out components for different ones. This includes a gaming control unit, another with a series of piano keys, another with a MIDI button layout for music production and more.
Computerspaloaltonetworks.com

User is trying to connect with MS-RDP. Log shows TCP 3389 but application is not-applicable

We've got a remote user connecting with GlobalProtect. He's trying to RDP to a PC on our inside network. There is a security policy that he should be matching- traffic matches source and destination zones, user-ID is matching the right group, HIP check is good. it seems to be failing to match the policy because it's not matching on the application. The user is using MS-RDP and the traffic is showing up on TCP port 3389.
Softwarepaloaltonetworks.com

upgraded macOS to Big Sur and users cannot connect to globalprotect

Upgraded macOS to Big Sur and users cannot connect to globalprotect. We have upgraded the macOS to Big Sur and the users fail to connect to the GP gateway due to server cert verification failed. {. error = "Host name mismatch";. title = "xyz.xyz.xyz.xyz";. }. ) P 474-T17783 08/16/2021 14:25:34:351...

Comments / 0

Community Policy