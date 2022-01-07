So after upgrading Panorama (and our firewalls) to PAN-OS 10.1.x, our security policies stopped working which had device tags attached to them. Turned out, the rules simply dissapeared from the firewalls. On Panorama, Combined Rule Preview shows the actual (tagged) rules as normal, but after a successful push/commit there's no...
Any impact or issues on Panorama-PA5220 v8.1.15 with User-ID agent v10.1.0 installed. As subjected, possible to have this scenario? any issues with this setup?. Furthermore, do UIA version need to be same or lower than Panorama or PA-5220 PAN-OS version?. If Panorama/PA-5220 upgrade to v9.1.x, any advise on UIA server...
I do a "Scheduled Config Export" every night. Old Panorama VM had to be rebuilt from scratch. No access to old VM. I have rebuilt the VM from OVA. When I try to "Import name Panorama configuration snapshot" per restore documents I get an error that the file is not an .xml.
We have enabled internal host detection in GP portal with "enforce users to connect GP" option to yes. There is no internal portal and internal gateway configured. When user walk into office GP connecting as a internal. We have set our DNS server ip in internal host detection. I was...
I have a custom timer filed called analysttimer, which recording the time analyst spend on an incident, once the incident this field will shows total time spend. I can see the total time is captured in the analysttimer.totalduration field. When create a report, I can only refer analysttimer filed as...
I recently noticed that URL Filtering licenses have been replaced by Advanced URL Filtering licenses. The version of the box is PAN-OS 8.1. My question is: Is it possible to use these new licenses with version 8.1, or do I need to upgrade to PAN-OS 9.x? If so, how do I activate these licenses?
Adding to the previous discussion with same setup where PA is doing decryption and the F5 is doing SSL bridging/offload while proxying for the server behind it. If we do SSL bridging/offload SSLlabs test goes fine with PA doing decryption and F5 will present cert. URLs show as domain.com. If...
I have setup 2 VM series FW in Azure in HA, however in the HA section there's no Operational Commands tab to go in and issue a suspend so it can failover to the secondary FW. I know in CLI you can put in a command to do this, but I'm interested to see if there is a fix for this.
In Gateway/Agent/Client Settings/IP Pools - have have four /24 networks configured for global protect to use. How can I view how many of each of those address blocks or all of them are in use at one time? And is there. a way to what the maximum useage has been?...
Is it normal to see Decrypted flag as yes even when there is no decryption policy configured. So what traffic will PA decrypt even when there is no decrypt policy?. GlobalProtect traffic will show decrypted regardless of whether or not you have a decryption policy setup for it. Other than that I can't think of anything off hand that should have that flag without a decryption entry.
I am trying to automate the push to device proccess through Panorama, I know that the xml API call for tat is commit all, but I was trying to find an API call that would shouw the device groups and templates that will be pushed (trying to get the values that appear in the dialog labeled "Push To Device" when you press on push to device in the GUI).
Hi Is it possible to setup and practice Panorama without license at lab for practice? thanks. The answer is no. To my knowledge there are only 3 ways to get trail/lab Panorama setup. - Contact your Palo Alto representative to request Panorama trial license. I have done it a few...
Been having a hard time getting through to support.. Maybe the community can help me. We are using device certificates pushed to laptops for autoVPN. But I am getting some instances where the user will get the error "A valid client certificate is required for authentication. If the issue persists, please speak to your system administration." Can someone point me how to go about troubleshooting that error? Thank you.
How do I prepare configuration so I can upload it to PA-3250?. @luis.perez I would suggest you not use expedition for PAN-OS to PAN-OS migration, you can try directly load the config you exported from PA-3020 onto PA-3250, and modify the config after you loaded. Any questions, please open a TAC case with our TAC support.
Here are some of the commnds I ean on ION2K via console:. -------------------------------------------------------------------------------- tcp 0 0 10.0.0.65:41419 52.8.25.40:443 ESTABLISHED. -------------------------------------------------------------------------------- == ion toolkit# ping controller 8.8.8.8. PING 8.8.8.8 (8.8.8.8) from 10.0.0.65: 56 data bytes. 64 bytes from 8.8.8.8: seq=0 ttl=117 time=13.652 ms. 64 bytes from 8.8.8.8: seq=1 ttl=117 time=13.592 ms.
Does anybody know if VM series Firewalls in GCP that are put into FIPS Mode actually downgrades the VM Bundle from PAYG Bundle 2 to Bundle 1? I had one firewall that was deployed with Bundle 2 and it had all the licenses. After I booted that firewall into maintenance mode, set to FIPS mode and rebooted, it only pulls down PA-VM, Premium, and Threat Prevention licenses now.
Hello guys we are configuring PA-5200s for Active/passive setup and we want to use ethernet interfaces for Control link after choosing ethernets as HA types we are no able to choose it from dropdown menu in HA setup only we can choose it for Data link control. Is there any limitations or do we missing something in configuration ?
I'm facing a very strange issue. I've updated server version to 6.5 and loaded all images included in .tar file downloaded through personal link (27,2 GB) and testing integrations I used to take advantage when company didn't have antivirus packet inspection (so at that time demisto use to download images on demand) but I get lots of errors for missing docker images. Am I wrong or tar file should have all of them included. Am I missing anything?
