date 2022-01-20
Incorrect GlobalProtect Version reported in GlobalProtect Monitor

By AstonMartinF1
paloaltonetworks.com
 4 days ago

When looking at the globalprotect logs within the monitor tab on my PA-3220 running...

live.paloaltonetworks.com

Cortex XDR Partial protected (7.4)

We have a problem with some of our Linux servers. The policy is the same on all servers (also those with status 'protected'). The only thing that I find is the ited process stopped. Can that cause the issue? Also can't start...

Doubt if global protect can be integrated with WSUS

Actually, we have GlobalProtect check the status of Windows patches on users' computers and inform the user if any are missing. We update the computers through WSUS. GlobalProtect seems to get the missing patches from a source other than WSUS (Microsoft?) and tells the user that there are patches missing that we have not yet released on our system. The user searches Windows Update and finds nothing.

Get a full list of security rules with IPS Profiles

I am trying to create a playbook that will go through a device's active policy and, for any Allow rule, list out the IPS profile defined for that rule. Currently I have not been able to get my playbook to provide the output of the rules so I can filter, so I know I must be doing something wrong.

Exporting shared rulebase

I am in the process of converting our Juniper SRXs to Palo Altos. During the process I reorganized some of the security rules and converted them to shared pre rules. When I export the configuration it doesn't seem to get these rules? It looks like I can only export vsys1 rules?

vm-series on azure - failing to start

Anyone have luck deploying a standard vm-series in Azure lately? Hitting the mgmt interface with a web browser will sometimes (most of the time it doesn't respond) display the following: "ATTENTION A critical error has been detected, preventing proper boot up of the device..." Have tried multiple times to get this to deploy on bundle 2 and keep seeing the same thing. I really need to spin one of these up but I can't for whatever reason. Tried emailing support but it was a dead end. Thanks for any assistance.

fatal Error during ensure repo

I am facing a strange issue. I was trying to change the certificate as explained in this link https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/installation/post-insta... But after I did the restart, Cortex XSOAR does not work anymore and I have this single error which I cannot understand. fatal Error during ensure repo (10040) (source: /builds/gopath/src/github.com/demisto/server/server.go:919) Putting...

Guidance on swinging an Exchange 2016 On-Prem server from ASA to PA 820 (vWired currently)

Hello everyone, currently I've about 3 publicly available servers still running through an old ASA5510 that I would like to move to the PA 820 that we have. 2 of them will be easy as they're basically web servers but it's the Exchange server that has me concerned. I'm looking for a guide or some assistance in helping pre-create the security policies and NAT rules to allow the traffic to flow. Is there any such guide out there?

Query regarding upgrade Path to 8.1.21-h1

I have a PA-500 device running on 8.1.20 currently. From this version can we jump directly to 8.1.21-h1, or do we need to go via an intermediate path (8.1.20 > 8.1.21 > 8.1.21-h1)? Also not able to see any Palo Alto reference article about the upgrade path. Is it available?

flow_fpga_ingress_exception_err and high latency

Recently deployed several PA-5250s running 10.1.3 and there is an issue that randomly comes and goes. Latency for traffic going through the firewalls spikes to 100-500ms. I was able to capture one thing that looked peculiar and that was flow_fpga_ingress_exception_err counts were high (8169388322) and the rate was high (12468). But I can't seem to find a good definition as to what this would indicate.

dataplane is not up or invalid target-dp | Upgrade from 9.0.15 to version 10.X

Ran into errors with our Palo Alto PA-3250-1 after starting the upgrade process to version 10. On phone with TAC (been on hold for hours, waiting for engineer). Has anyone run into similar issues? Searched online, very few articles.

Error: ( description contains 'Trigger AddrObjRefresh commit for group-mapping' )

I received the following error message from our firewall:
opaque: Trigger AddrObjRefresh commit for group-mapping.
mp ms.log.old 2022-01-18 07:07:31 2022-01-18 07:07:31.262 -0600 device server refresh triggered via sysd
mp ms.log.old 2022-01-18 07:07:31 2022-01-18 07:07:31.262 -0600 dnscfgmod: Main refresh function: (unknown)
mp ms.log.old 2022-01-18 07:07:31 2022-01-18 07:07:31.262 -0600 dnscfgmod:Fqdn refresh job 366545 scheduled.

Cortex XDR-File hash Allow/Block on specific endpoint

Can we allow/block the file hash for a particular endpoint instead of allowing/blocking the file hash on all the endpoints? Alternately, you can also look at using Exception Profile for specific modules that you want the process to be exempted from (Step 3 here). Hi @bbarmanroy, but this will...

MLAV cloud error, all machine Learning engines stopped

Received this high-alert message on a PA5220 (10.0.8-h4) this morning, "MLAV cloud error, all machine Learning engines stopped". Has anyone else received this message before? If so, what steps should I take to troubleshoot and resolve the message? Thank you.

debug dataplane reset ssl-decrypt certificate-status command

I was just wondering if running the below command will have any impact on a production environment or is it merely resetting the cache status and shouldn't have issues to run in production?
>debug dataplane reset ssl-decrypt certificate-status
Thanks.

Expedition Set Interface Zone

I wanted to be able to set multiple interfaces to the same zone but I'm unable since it doesn't let me. I'm running 1.2.5 but in previous releases it didn't work as well. To do this I would suggest you go under the Network > Zones area and add all the interfaces under the zone there. Please let me know if this works for you.

SSL Decryption - replacing Forward Trust Certificate not working for iOS devices

The Forward Trust certificate on a PA-820 firewall pair was expiring, so we issued a new SubCA certificate from the Windows ADCS root CA server and updated it on the firewall. The certificate was imported with a 2048-bit key and there is a password on the key. Since switching over to the new certificate for forward trust (SSL Decryption), iOS devices are no longer able to browse to the internet when an SSL Decryption policy is applied, where Windows devices are able to without issue. The iOS devices show an error “This connection is not private”.

auto-tagging registration on remote user-id agent

Did someone manage to use dynamic tag registration on the remote user-id agent? I cannot find any explanation in documentation or community discussions. It is written in the manual that you need to create an HTTP profile. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/forward-logs-to-an-https-destin... So, first of all, there should be some login/password - what is this...

Tips & Tricks: Log Expiration Based on Time

Older PAN-OS had a purging logic which was checked against the logdb quota and the predefined quota size for reports. Oldest logs were deleted whenever a quota was reached until we reached the configured quota size for the given log type. We've grown since the olden days and a feature...
