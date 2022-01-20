ContributorsPublishersAdvertisers
PanGPA and PanGPS logs

By syed222
paloaltonetworks.com
 4 days ago

We now have more cases of users complaining of GP...

live.paloaltonetworks.com

paloaltonetworks.com

Tips & Tricks: Log Expiration Based on Time

Older PAN-OS had a purging logic which was checked against the logdb quota and the predefined quota size for reports. Oldest logs were deleted whenever a quota was reached until we reached the configured quota size for the given log type. We've grown since the olden days and a feature...
howtogeek.com

How to Log Out of Discord

Mahesh Makvana is a freelance tech writer who specializes in writing how-to guides. He has been writing tech tutorials for over a decade now. He’s written for some of the prominent tech sites including MakeUseOf, MakeTechEasier, and Online Tech Tips. Read more... If you use Discord on a shared...
paloaltonetworks.com

Portable router w/GlobalProtect client in firmware?

Portable router w/GlobalProtect client in firmware?. My company has been greatly affected by the pandemic, we went from running over a dozen call centers to almost completely WFH. An issue we have been experiencing is that our own operations staff refuse to send equipment from terminated coordinators back to IT...
paloaltonetworks.com

flow_fpga_ingress_exception_err and high latency

Recently deployed several PA-5250s Running 10.1.3 and there is a issue that randomly comes and goes. Latency for traffic going through the firewalls spikes to 100-500ms. I was able to capture one thing that looked peculiar and that was flow_fpga_ingress_exception_err counts were high (8169388322) and the rate was high (12468). But I can't seem to find a good definition as what this would indicate.
#Dump Debug And Info
paloaltonetworks.com

Regarding access between two sites

I need help regarding access to the Web Server. Firstly, please refer to the image I have attached. Our company has 2 different sites. Site A has a Web Server with two different Websites hosted (let's say xxx.com and zzz.com) and our employees from site B connect to this web server.
paloaltonetworks.com

Strict IP Address Check after 9.1.12

Customer upgraded to 9.1.12 and after that it was noticed that for some of the zones, traffic was dropped. During debug,it was concluded that reason is Strict IP Address Check in the Zone Protection Profile:. "flow_dos_pf_strictip 1 0 drop flow dos Packets dropped: Zone protection option 'strict-ip-check'" In the 9.1.12...
paloaltonetworks.com

PAN OS 8.1 support after March 1st 2022

I see that support for PAN OS 8.1 will end on March 1st 2022 for some Palo Alto platforms. On other Palo Alto platforms, PA-200, PA-500, PA-5000 series and M-100, support for PAN OS 8.1 will continue until their respective hardware EOL dates e.g., 23 October 2023 for the PA-500.
paloaltonetworks.com

Destination Zone

I found in documentation : "Assign destination zone based on Interface packet would egress from" What is behind this "would" ? How is choose the destination zone , based on FW topology or routing table or ?. I have set a route (next hop Tunnel interface) to a subnet and...
paloaltonetworks.com

How to make upstream connected devices learn that downstream core switches are down

How to make upstream connected devices learn that downstream core switches are down. We have active passive setup of firewalls in both DC and DR site. The scenario I am trying to work on is, if my downstream connected core switches are down in primary DC, how can make ISP and MPLS connected devices on my upstream learn that all traffic should be routed to DR site firewalls.
COMPUTERS
paloaltonetworks.com

GCP VM-Series Bundle 1 from market place - No Traffic logs

I have deployed vm-series bundle-1 for POC purpose from market place. Created 3 VPCs one for mgmt one for untrust one for trust. In mgmt console created network interfaces pointing to newly created security-zones and using default virtual router. I want to monitor traffic going out from trust zone(which is a separate vpc/subnet and has a single vm).
COMPUTERS
paloaltonetworks.com

Cortex Xdr Partial protected (7.4)

Cortex Xdr Partial protected (7.4) we have a problem with some of our linux servers ,. the policy is the same on all servers (also those with status 'protected') the only thing that i find is the ited proccess stopped ,. is that can cause the isse?. also cant start...
COMPUTERS
paloaltonetworks.com

aggregate interface

I would like to have the community opinion on two different setups and which one is the recommended by PA, i have looked for documentation about this and i cannot find a straight answer. All i could find was:. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008V36CAE&lang=en_US%E2%80%A... This document states, if i am interpreting it correctly that...
COMPUTERS
paloaltonetworks.com

fatal Error during ensure repo

I am facing a strange issue. I was trying to change the certificate like explained in this link https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/installation/post-insta... But after I did the restart, cortex XSOAR does not work anymore and I have this single error which I cannot understand. fatal Error during ensure repo (10040) (source: /builds/gopath/src/github.com/demisto/server/server.go:919) Putting...
COMPUTERS
paloaltonetworks.com

bgpimportprofile/bgpexportprofile panos python module

Has anyone tried setting up a bgp import/export profile using the panos library?. I created the configuration tree as expected, added bgp to the virtual router and created the bgppeer and bgp peer group objects as well. bgp_export_rule = panos.network.BgpPolicyExportRule(name="test-export-5",enable=True,used_by=["testbgpgroup"],action="deny") bgp_export_rule.create() getting the following error. PanXapiError: test-export-5 -> match ->...
SOFTWARE
paloaltonetworks.com

ECMP Configuration Questions

New to the board. I have two WAN circuits going to two separate ISPs. I would like to run ECMP with weighted round robin over ISP1 & ISP2. However, I want to verify this can be achieved successfully in my environment. I have 15-20 VPN connections to various agencies which all must go out the correct circuit (ISP1) and IP address. I have hard coded these in as destination NAT rules and they work fine but currently I am only using ISP1 and ISP2 is strictly a backup. I have read a few articles stating this is possible but that I would need multiple VRs. I currently only have one VR in place. Is there a good document somewhere with detailed configuration steps or could someone tell me if this configuration would work in my environment?
SOFTWARE
paloaltonetworks.com

There is not enough space on the disk

I have facing issue about XDR agent. My XDR agent has status no connection in XDR console, but after I checked in the XDR Tenant status for my device has connected status. After I checked logg in agent I find logg c:\ProgramData\Cyvera\LocalSystem\Persistence\\post_detection.db: IO error: c:\ProgramData\Cyvera\LocalSystem\Persistence\\post_detection.db/000013.ldb: There is not enough space on the disk. , But after I checked my disk is still have space available.
COMPUTERS
BGR.com

Best cheap laptops in 2022: The most bang for your buck

If you’re looking to buy one of the best cheap laptops, then you’ve got your work cut out for you. Not only are there hundreds of options out there, but not all laptops are created equal. Because of that, we’ve put together a list of cheap laptops that should help you narrow down your choices. Of course, when you’re looking for a cheap laptop, there are a few things to keep in mind. First, what exactly does cheap mean? For us, cheap usually means any laptop under $600, though there are a couple of places you might need to go above...
COMPUTERS

