https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/pathfinder-16-02-not-working-with-proxy-settings/m-p/287605#M20 <P>Hello,</P><P>&nbsp;</P><P>it's not really a discussion but more a let's document two actual issue I went through.</P><P>In rare cases when you have to deploy Pathfinder in a not direct connection to the internet (no DNS, and no web), then this might be of interest to you.</P><P>In Pathfinder you can set the proxy settings.&nbsp;In my case it is a non-authenticated proxy, so I just added proxy address and proxy port.</P><P>When doing a Connectivity check, all tests failed ! and no packets were sent to the proxy server.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Connectivity checks errors" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21320i0E70FB0BCF9CA0A1/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="pathfinder.png" alt="Connectivity checks errors" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Connectivity checks errors</span></span></P><P>Looking into the logs we can see the cause.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="pathfinder_username.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21321i158D1C274F25A9C8/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="pathfinder_username.png" alt="pathfinder_username.png" /></span>BUG1 : This is due because the scripts implemented in 16.02 sends commands to curl but fails because the username = ''</P><P>Workaround <STRONG>: </STRONG>enter any username and it works</P><P>All Connectivity tests are now working but I still cannot pair.</P><P>I get a message, please authorize in admin UI, but nothing appears in the pathfinder management UI, and then it fails miserably.</P><P>Looking at the logs (edited), we can see "internal IP address is invalid" because it's empty !<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="error_pathfinder_16.02.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21323i2739E000AB9C2B35/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="error_pathfinder_16.02.png" alt="error_pathfinder_16.02.png" /></span></P><P>&nbsp;</P><P>The cause of this is a bit complex but basically it's related&nbsp; to finding it's own ip based on the direct name resolution (dns) of your XDR Analyzer instance.&nbsp;</P><P>Workaround BUG2: find your instance name : example &lt;xxxxxxxxxxxxcbaced8&gt;.magnifier.eu.paloaltonetworks.com (replace with your own instance ID)</P><P>And create a 'A' DNS record for this entry which should resolve to&nbsp;154.59.126.13.</P><P>Depending on your installation it can be hard to add another zone paloaltonetworks.com so another easier way is to use the DNSproxy feature of the PANOS with static entries</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dns-proxy.png" style="width: 868px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21325iEF79256D2799F688/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="dns-proxy.png" alt="dns-proxy.png" /></span></P> Tue, 10 Sep 2019 12:34:26 GMT Retired Member 2019-09-10T12:34:26Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/pathfinder-16-02-not-working-with-proxy-settings/m-p/287605#M20 <P>Hello,</P><P>&nbsp;</P><P>it's not really a discussion but more a let's document two actual issue I went through.</P><P>In rare cases when you have to deploy Pathfinder in a not direct connection to the internet (no DNS, and no web), then this might be of interest to you.</P><P>In Pathfinder you can set the proxy settings.&nbsp;In my case it is a non-authenticated proxy, so I just added proxy address and proxy port.</P><P>When doing a Connectivity check, all tests failed ! and no packets were sent to the proxy server.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Connectivity checks errors" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21320i0E70FB0BCF9CA0A1/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="pathfinder.png" alt="Connectivity checks errors" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Connectivity checks errors</span></span></P><P>Looking into the logs we can see the cause.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="pathfinder_username.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21321i158D1C274F25A9C8/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="pathfinder_username.png" alt="pathfinder_username.png" /></span>BUG1 : This is due because the scripts implemented in 16.02 sends commands to curl but fails because the username = ''</P><P>Workaround <STRONG>: </STRONG>enter any username and it works</P><P>All Connectivity tests are now working but I still cannot pair.</P><P>I get a message, please authorize in admin UI, but nothing appears in the pathfinder management UI, and then it fails miserably.</P><P>Looking at the logs (edited), we can see "internal IP address is invalid" because it's empty !<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="error_pathfinder_16.02.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21323i2739E000AB9C2B35/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="error_pathfinder_16.02.png" alt="error_pathfinder_16.02.png" /></span></P><P>&nbsp;</P><P>The cause of this is a bit complex but basically it's related&nbsp; to finding it's own ip based on the direct name resolution (dns) of your XDR Analyzer instance.&nbsp;</P><P>Workaround BUG2: find your instance name : example &lt;xxxxxxxxxxxxcbaced8&gt;.magnifier.eu.paloaltonetworks.com (replace with your own instance ID)</P><P>And create a 'A' DNS record for this entry which should resolve to&nbsp;154.59.126.13.</P><P>Depending on your installation it can be hard to add another zone paloaltonetworks.com so another easier way is to use the DNSproxy feature of the PANOS with static entries</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dns-proxy.png" style="width: 868px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21325iEF79256D2799F688/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="dns-proxy.png" alt="dns-proxy.png" /></span></P> Tue, 10 Sep 2019 12:34:26 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/pathfinder-16-02-not-working-with-proxy-settings/m-p/287605#M20 Retired Member 2019-09-10T12:34:26Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/pathfinder-16-02-not-working-with-proxy-settings/m-p/288118#M21 <P>Unfortunatly, the list goes on.</P><P>Bug No 3:</P><P>After pairing and being authorize in the portail UI, the service restart itself, and then you might get an error message of something like</P><P>Configuration file corrupted.</P><P>Looking at the logs in&nbsp;<SPAN>the agent.log file. I saw an error :</SPAN><SPAN>InvalidURL: Failed to parse: myuser:p0</SPAN></P><P><SPAN>This is due to a wrong parsing a password which is encoded in base64 and containing a slash character. '/'</SPAN></P><P><SPAN>2 workarounds :</SPAN></P><P><SPAN>1) given a statistics of 344 characters with a probability of 1/64 to be a slash. This give a chance of 5:1. So if you try 10 times, you probably have a working installation.<BR />2) second workaround. Edit /etc/conf/lc.conf and replace the slash character by another characters and restart the service.<BR /></SPAN></P><P><SPAN>Regards</SPAN></P><P><SPAN>Frank</SPAN></P> Thu, 12 Sep 2019 15:37:55 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/pathfinder-16-02-not-working-with-proxy-settings/m-p/288118#M21 Retired Member 2019-09-12T15:37:55Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/pathfinder-16-02-not-working-with-proxy-settings/m-p/292834#M22 <P>Support has announced resolution of those 3 bugs for next release of Pathfinder.</P><P>&nbsp;</P><P>Let's cross fingers</P><P>&nbsp;</P><P>Regards</P><P>Frank</P> Mon, 14 Oct 2019 09:57:15 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/pathfinder-16-02-not-working-with-proxy-settings/m-p/292834#M22 Retired Member 2019-10-14T09:57:15Z