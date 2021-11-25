ContributorsPublishersAdvertisers
user id group mapping

By Sarou22
paloaltonetworks.com
 7 days ago

Hello I have several questions to ask you about the user ID. 1)We say that the LDAP does not map between the ip and the user, so who does the mapping between the ip and the user name?. 2) then, when we configure the mapping of group. I do...

live.paloaltonetworks.com

paloaltonetworks.com

Unable to see groups in group mapping setting in Palo alto

Group with three to 4 user was added in ad with group name (vpn group for laptop) and this group was under OU group id, but in group id i was able to see groups till alphabet N ,so tested creating Group with group name (ATEST users) i was able to see this group ,but.
esri.com

Field Maps and Map Viewer

The April 2021 release of ArcGIS Online and the November 2021 release of ArcGIS Enterprise 10.9.1 include a new Map Viewer (formerly known as Map Viewer Beta). The older version of Map Viewer is now listed as Map Viewer Classic and can still be accessed in ArcGIS Online and ArcGIS Enterprise.
paloaltonetworks.com

User-ID mapping integration for Multi-Domain AD server

We are using windows based User-ID agent on Palo alto firewall for user-id mapping. We have an existing setup with AD domain abc.com for which the User-ID mapping is implemented on PA Firewall and User ID agent is installed on the abc.com domain controller and it is working fine without any issues.
paloaltonetworks.com

2 subnets on the same interface

We current have 1 subnet linked to an layer 3 interface which is supplied by our isp. We have run out of ip addresses and our isp want to present another subnet but on a completely different range. (too many services to move to a new range) Is it just...
#Ldap#Device
paloaltonetworks.com

PA-460 GP clientless VPN only allowing max users of 20

While I don't see any addressed issues mentioned in the release notes that seem to match this issue, if you're going to be running 10.1 I would recommend staying on the preferred release (or even the latest if you have a lab device to run validation on). Install 10.1.3, which is the current preferred release, and see if the issue is still present. If it is, I would open up a support case so you can get the bug validated and sent up to engineering.
paloaltonetworks.com

Migrate Panorama from Azure to ESXi is failed

I am trying migration Panorama with following procedure but have not succeeded, yet. https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/set-up-panorama/transition-to-a-differ... Now I am in STEP10 and I tried commit to panorama and failed. Error message is " Invalid configuration. Please fix errors and try again." I can not solve this issue. Anyone know how to solve....
TheDailyBeast

Apple Sues Surveillance Firm NSO Group for Spying on Apple Users

Apple sued Israeli software surveillance company NSO Group on Tuesday, alleging “egregious” efforts to spy on Apple users with its flagship spyware, Pegasus. NSO Group and its customers allegedly delivered the invasive malware—which is capable of monitoring victims’ cameras, microphones, texts, location, and more—without users’ knowledge from February to September of this year by using an exploit cybersecurity researchers label “FORCEDENTRY,” according to court filings. Although Apple has patched the vulnerability and just a handful of users were targeted, Apple is taking NSO to court because it wants to put a stop to brazen attacks like this and hold NSO Group, which was recently sanctioned by the Biden administration, accountable, said Craig Federighi, Apple’s senior vice president of Software Engineering. “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” Federighi said in a statement.
paloaltonetworks.com

Releasing and reassigning VM-50 pa-vm license key

Purchase a VM-50 lab bundle last year. pa-vm license was "perpetual" , while the other components were 1YR subscriptions. Subscription expired on 7 October 2021. the previously licensed was "destroyed" ☹️ before it could be properly deactivated. I am looking for advice on how i can get PA Support to make the change that would permit me to activate a newly deployed VM-50 with the previously purchased "pa-vm" license key.
paloaltonetworks.com

vm palo question on interfaces for esxi

We have an exisiting vmware esxi environment that has 3 hosts with distributed switches configured. Currently, each esxi host has 4 links (all trunks) going to the physical uplink switch. We've installed a VM palo series firewall and have established managment connectivity to it via eth1/0 with no issues. Now...
paloaltonetworks.com

IPSec tunnel rekeying

We are using tunnel monitor on the IPSec tunnels and i am wondering if rekeying childs SA, causes the tunnel monitor to bring the tunnel down. In additon i would like to know if PA stores a log of all the rekeys for each tunnel. 1 REPLY. 9 hours ago.
paloaltonetworks.com

Uninstall vs Using Agent Cleaner

When an IT admin uninstalls Cortex XDR from an endpoint does it remove that endpoint from the XDR Console?. When they use the Agent Cleaner to remove XDR from an endpoint does it remove that endpoint from the XDR Console?. We are running into duplicate endpoints when Admins install new...
paloaltonetworks.com

SRX to Panorama export mappings question

I have converted all objects to Shared and this picture illustrates what I think is the correct mappings of each element. Please confirm/correct as necessary. Thanks!. Well, I tried that and I don't think it's working correctly. I guess I need step-by-step assistance on what to do from that pre-merge...
paloaltonetworks.com

Telemetry cant connect : Server is not reachable

The telemetry unable to connect to server. Follow in https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZCCA0. Update server configuration was set to updates.paloaltonetworks.com. We try setting configuration to staticupdates.paloaltonetworks.com but unsuccessful. FW has been restarted still unreachable. Any idea what happen ? and workaround to check.
paloaltonetworks.com

GP/ LDAP authentication

I have a test AD/PA setup. AD and LDAP connectivity is okay so far. My problem is that I am unable to authenticate any user against Global Protect. The group are correct too, as far as I can see. This is the output i get when trying to authenticate:. SITE1>...
paloaltonetworks.com

Test Custom BIOC Rules

Please help me to create custom BIOC rules for the testing. My company want to create rules bioc informational if We create/delete spesific file in spesific folder, and the information will appears in incidents. Is it possible?. If is it possible, please inform to me How to create that?. Thanks...
paloaltonetworks.com

How to stop Duplicate incidents

I am receiving lots of duplicate incidents on my Cortex XDR console. Can anyone please help on how to suppress or stop the duplicate incidents to trigger again and again?. Hi @RahulPrajapati , an incident is an aggregation of alerts. You may have incidents with the same description if the actions that create the alert keeps occuring.
paloaltonetworks.com

Where do I start?

I'm a network engineer being tasked to take over our PA firewalls since the guy who normally handled them is leaving. Where do I even begin to learn about this stuff? I've never had to work with these before. Thanks. 1 REPLY. yesterday. Hi @hilltopia ,. You can start browsing...
paloaltonetworks.com

Issues with Global Protect and Post-vpn-connect

I've opened a ticket with Palo and haven't had much success. I am trying get the drive mapping script to run and it gives me an error 1008. Below are the logs for gpservice. Few things I have noticed and tried:. 1)it is using my adminacct yet i am logged...
