date 2021-12-06
Cortex Data Lake

I am new to this forum and new to the job where I am having this issue, so please forgive me if this is an easy question that has been answered; I could not find the info I was looking for. I am trying to set up a Cortex Data...

Software boosts inference speed on Cortex-M MCUs

Startup Plumerai has built an AI inference engine for Cortex-M microcontrollers which outperforms the standard combination of TensorFlow Lite for Microcontrollers and Arm’s CMSIS-NN kernels. In recent tests performed by the company, Plumerai’s inference engine resulted in 40% lower inference latency and 49% less RAM usage, without reducing prediction accuracy.
How to view transceiver values on the cli

I need help finding the transceiver values in a PA-5220. In Cisco world the command is 'sh int e 1/5 transceiver details'. And it produces this output. Link length supported for 50/125um OM2 fiber is 82 m. Link length supported for 62.5/125um fiber is 26 m. Link length supported for...
Azure Data Lake: Everything You Need to Know

A textbook definition of a data lake describes it as a vault for storing humongous amounts of data. This data does not necessarily have to be structured; one can store all types of structured and unstructured data in a data lake. Given the absurd amounts of data mankind generates every day, it ought to come as no surprise that there has been a massive surge in the demand for data lakes all over the world from companies across the spectrum of industries. Yet there is one name that consistently fares among the top choices in the market: Azure Data Lake.
Computers do not receive the new update cortex 7.6.0

Computers do not receive the new update Cortex 7.6.0. I have 500 computers in the company; every time a new version is released to TRAPS, some computers do not receive the update (about 40 computers). I'm trying to upgrade to the new version of the Cortex management interface, but the computers still don't get the update.
AWS interface limits

Is the AWS VM limited to only 3 interfaces or can we add 3 more? I was reading there may be limitations associated with machine type but wanted to be sure before we went down the path of changing that. 1 REPLY. 5 hours ago. Assuming the underlying instance size...
BrokerVM proxy configuration error

I'm facing this issue when I try to configure the IP address of the proxy so I can send logs through brokerVM: C:\Program Files\Palo Alto Networks\Traps>cytool proxy set "X.X.X.X:YY" Enter supervisor password:. RpcClient: SendRequest: Error 13: Cloud Defined proxy 'set' internal error = 4 RPC call for proxy command 'set'...
Cortex XDR Broker VM questions

Can anyone answer a few questions about Cortex XDR Broker VM? If the Broker VM is being used as a proxy, do the hosts connecting to the Broker VM need to be on the same subnet as the Broker VM or can they communicate with the Broker VM via the default gateway of their VLAN?
require password change on first login on HA mode

I have a question about "require password change on first login" in HA mode. First, when I enable this function on any Palo Alto unit in HA mode and edit or create an admin role account, then try to log in to one of the HA units, the login page displays that a password change is required. When...
ESXi deployment question for Palo -VM series (L3 Mode)

I'm having trouble interpreting this link for deployment scenarios of the VM-Series Palo firewalls. Looking for clarification... https://docs.paloaltonetworks.com/vm-series/10-1/vm-series-deployment/set-up-a-vm-series-firewall-on... We have an ESXi cluster with 3 hosts running vSphere Distributed Switches. Our plan is to have one Palo VM-300 in the...
PAN site to site VPN to AWS

We had a site-to-site VPN between an on-premises PAN and AWS. The tunnel was established and does not show any downtime, but the issue we encounter is that when the Tunnel Monitor IP (169.254.2.x/30) and (169.254.3.x/30) is not pingable/unreachable, PAN will remove the route going to AWS, and as a result we are not able to connect to the AWS LAN segment.
Cortex XDR high RAM usage

We have a problem with RAM usage of our Cortex XDR agents. We have seen this issue on about 7-8 endpoints for 2 months. RAM usage of our endpoints increased up to 2 GB. It seems this is not an agent-version-related problem, because today we also saw this problem on one of our Windows servers, where the RAM usage of XDR was 14 GB (agent version 7.6). After restarting the Cortex XDR service, everything was back to normal.
Global Protect unresponsive, clicking connect button does nothing

I have several clients whose Global Protect (5.2.9) does nothing when they click the connect button. This behavior began with the retirement of Sophos AV. Reinstalling Sophos makes it work again, however. Our organization is in the process of retiring Sophos for another AV product. This only affects some machines; most continue to work after uninstalling Sophos.
Feature Request: ECMP Path Monitoring

We are currently using ECMP to load balance to our two ISPs, which works great. However, since there is no path monitoring (unless you set static routes), if something happens upstream and your peer doesn't go down, the PANs will happily keep sending data out that interface without batting an eye, causing half your customers to be very unhappy. If path monitoring were available, this would fix a lot of problems, I think.
Encryption mode between 6.0 and 9.1

My company is going to upgrade one firewall from 6.0 to 10.1, and I found that the KB below points out the supported payload options above and below PAN-OS 7.0. Several IKE/IPSec profiles are using aes128 for ESP encryption; is aes128 equal to aes-128-cbc? PAN-OS 5.0 and above | PAN-OS 7.0 and...
Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228)

On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2 was identified being exploited in the wild. Public proof of concept (PoC) code was released and subsequent investigation revealed that exploitation was incredibly easy to perform. By submitting a specially crafted request to a vulnerable system, depending on how the system is configured, an attacker is able to instruct that system to download and subsequently execute a malicious payload. Because this exploit was discovered so recently, there are still many servers, both on-premises and within cloud environments, that have yet to be patched. As with many high-severity RCE exploits, massive scanning activity for CVE-2021-44228 has begun on the internet with the intent of seeking out and exploiting unpatched systems. We highly recommend that organizations upgrade to the latest version (2.15.0-rc2) of Apache log4j 2 for all systems.
Ahana goes deep on AWS to help Presto users set up and query secure data lakes

Ahana, a company that’s commercializing the open source Presto SQL query engine, has announced a new cloud integration with AWS Lake Formation, a fully-managed service that enables Amazon’s cloud customers to quickly set up data lakes.
Use Cortex XDR to find host with ports 80,443 open

Hello - I'm totally new to Cortex XDR and its XQL - though I need to find machines in our environment that have ports 80/433 open. Is this possible via XQL? I started with these lines to see which column/s I could use for what I want to accomplish and I think it did not have it:
Tips & Tricks: How to Create an Application Override

Application Override is where the Palo Alto Networks firewall is configured to override the normal Application Identification (App-ID) of specific traffic passing through the firewall. As soon as the Application Override policy takes effect, all further App-ID inspection of the traffic is stopped and the session is identified with the custom application.
Security Advice on SSH & SSL/TLS weak ciphers

I have a few queries to be addressed. We have changed the SSL/TLS version using the CLI to TLS 1.2, but when we run the scan we can see TLS 1.1 is also running at the back end. We need to check which SSL/TLS version is running using the CLI of the firewall. What...
