I have a handful of users having problems signing in to our GlobalProtect. The common thread is the embedded browser being redirected to this page. We even force installed the latest preferred 6.2 client with the use default browser option(in that case Firefox) and it still got this redirect. These people were working last week. To add we us...
We installed the CIE Agent to send AD info to CIE. I recently discovered another team had deployed the Agent on another server, for the same domain. We *think* it is about this time we started not seeing group information in our XDR Assets and other user info. Should we have two CIE agents installed to access the same domain?
We just migrationed from Cisco Firepower: We have some Negate Geo block rules that will block any country that is NOT on the lists of allowed, but now it is unintentinally blocking CGNAT addresses. We would still like to only allow US CGNAT's but the fix below would be world wide I believe? We don't want to wait until someone travels around the ...
Hi, We are getting a few alerts for "Evasion Technique - 1244315488" - "Evasion technique using reflective loading." While investigating I can see that a base64 encoded PE file is written in the registry by taskhosw.exe under "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UCPD\DR\000" -The registry key is not super well documented (UserCh...
Greetings,Im trying to configure "Automation Rules" to "High" severity issues for the automatic isolation of endpoints. Right now its configured as the following images show, but theyre not triggering the playbooks nor rules. ¿Any ideas or suggestions on why its not triggering?
I've just come back after a few months, and uploaded a new TSF file to the BPA tool, and it shows me there are issues in a number of rules that are CSC/non-CSC checks, but when I bring up the list of issues, where previously you could expand each rule with an issue to show the exact problem with it, it now does not expand the details, ie. I am u...
Hi Team, Today I created a new RN-SPN in one of the US location and I see the Service Endpoint Address is being displayed with the FQDN. Have created multiple nodes before and never saw an FQDN and it use to be IP address always. Just wanted to confirm if this is something which is new and will the IP address the FQDN resolving now will be sta...
I’m having an issue accessing the passive firewall in my cluster via SSH or Telnet. I can access it normally through the GUI and authenticate using LDAP or my local admin user. The active firewall authenticates both GUI and CLI without any problems. What I’ve tried: Restarted the firewall. Reset the SSH service via API and also rebooted the dev...
Hi All, I am trying to confirm what is max number of entries can API query return for address object .Like we have around 50k address , will API query will fetch all data in single page or it will fetch specific number of entries ? or we need to use some sort of pagination if we have some limit per page and what parameter i can use. Thanks
I am using two PA-440 firewalls for a laptop testing. The purpose of the Lab is to test for VPN connectivity before deployment. Firewall A = has an external IP of 17.11.19.69/30 - Internal address 2.2.2.2/24 (LAN) Firewall B = has an external IP of 17.11.19.68/30 - internal address 3.3.3.3/24 (LAN) Because I have a block of public IP's, eac...
The Pro per Endpoint license includes the option "Send Security Event from other data sources."Why don't I have the Syslog option in BrokerVM?Thank you very much for your suggestions and answers.
Hi, I'm looking into how we can use the built-in content repository to push content from the development to the production tenant. In this scenario, Palo Alto will handle the content repository. If I want to manage branching, is it possible to do so without using a private GitHub repository? I would appreciate any insights on this.
Hi everyone, Lately, I’ve been thinking about how designing a strong cybersecurity strategy feels a lot like playing a complex game of Mahjong: every move matters, timing is crucial, and one wrong tile can shift the entire outcome. With AI-driven automation and increasingly dynamic threat landscapes, our “tiles” — firewalls, threat intelligence,...
In the datasheet, the rack mount kit for the PA-510 is listed as “PAN-PA-400-RACKTRAY”, but in the technical documentation, it’s written as “PAN-1RU-4POST-RACK-10.”Is there a qualified Palo Alto Networks staff member who can confirm which one is actually correct? Honestly, Palo Alto could really be more careful—this kind of inconsistency in th...
Welcome to the CDSS Monthly Newsletter The Cloud-Delivered Security Services (CDSS) Monthly Newsletter brings you the latest updates, insights, and innovations from Palo Alto Networks’ cloud-powered security platform. Each month, we spotlight key product releases, upcoming events, technical tips, and best practices across our Advanced Core Sub...
