Hello LiveCommunity Team! I created this post to share my experience regarding the User-ID Hub for multi-vsys environments involving some User-ID incomplete table for a specific vsys:I have an NGFW with multiple vsys, and in each vsys I have configured a unique Data Redistribution Appointing to dedicated User-ID Agents and Panorama/NGFWs, local ...
Hello LiveCommunity Team! I created this post to share my experience regarding an issue involving the User-ID domain mapping issue between the Prisma Access Mobile Users GlobalProtect conflict with the NGFW On-Premises. The conflict arises when an On-Premises NGFW and Prisma Access GlobalProtect use a different user identity sources and domain N...
Hello Community, We are experiencing an issue with GlobalProtect log retention on Panorama. Our Panorama manages 6 firewalls, and all firewalls are configured to forward logs to Panorama. However, on Panorama, the GlobalProtect logs for the managed firewalls are only retained for about 6 days. When we check the output of the command show sys...
Hi everyone, I am in a desperate situation. I have 1 month left to finish my PhD, and since June 1st, I have been completely locked out of my university network due to a bizarre GlobalProtect issue. I am consistently getting the "global protect authentication failed enter login credentials" error. I have tested every possible scenario, and the o...
Hi Everyone, I need some assistance integrating DNS Analytical Logs into XSIAM. I have tried collecting these logs using an XDR Collector and other available methods, but so far I have not found a supported approach. This requirement is quite urgent, and I would appreciate any guidance from anyone who has successfully integrated DNS Analytical L...
In order to accurately bill our customers, we would like to have a breakdown of credit usage per firewall. I was able to retrieve a list of all firewalls from our panorama instances and also the credit pools and how much is used in total from palo alto API. However, there doesn't seem to be an obvious way to break it down further. Is this tec...
Cortex XDR Cortex XSIAM Test, more to come.
I have a HA pair firewall without vsys license. Now, i would like to add the vsys license in this HA pair in production environment, Do the traffic affected ? how is HA status ? if so, how to minimize the impact for adding the vsys license ? from some document, the device will be in suspended status. some people said that the device have to r...
Dear all, I have a strange error after I upgraded my firewall to PAN-OS 11.1.15 to fix a GP vulnerability. (18990)06/04 17:44:57:208734 - PanKeyManager: Issuers: CN=ixxx, DC=ixxx, DC=local(18990)06/04 17:44:57:208841 - PanKeyManager: Use Cert: gp_user_new(18990)06/04 17:44:57:208883 - PanKeyManager: getPrivateKey for alias: gp_user_new(1899...
File Hash: <ea1bbdcb96f37f3204ce5486b1721e579eb7143ce8a1ebc58199f8eb44d84c8d> Link to Virustotal report for the file: <https://www.virustotal.com/gui/file/ea1bbdcb96f37f3204ce5486b1721e579eb7143ce8a1ebc58199f8eb44d84c8d> Current VirustTotal Verdict: <Maliicious>Description: <I am the author of this program. I work for Candes...
Global Protect ver 6.3.3-c42 is checking ExecStartPre value and if it finds a large UID greater than 60000, it won't install the software. Please can this be fed to product design or development team as this is a stopper for our roll out.
Has anyone experienced an issue with Cortex XDR Agent 9.2 where running cytool reconnect force causes the agent to uninstall itself and removes all assigned agent tags from the Cortex console? Is this a known issue or bug in Agent 9.2?
As an Ubuntu desktop/laptop admin at my company, I've had my fair share of gripes with Globalprotect VPN for Linux. So I wanted to share my home-grown fixes for various issues I've encountered. Yesterday, I encountered another such issue which the developers have kindly created for me. The issue is that Linux users with a UID > 60000 cannot l...
Hi everyone, I'm an IT technician and I'm trying to uninstall Cortex XDR agent version 7.9.1.26645 from a Windows 11 workstation. Unfortunately, I'm facing the following issues: - The standard uninstall from Programs & Features fails with: "Anti-Tampering is enabled. Please disable Anti-Tampering and retry the operation." - cytool protec...
Quite new to Panorama, but have been working with Palo Alto standalone firewalls for a little while. Client has 2 Active Passive HA FW's in Panorama and an ae1 interface with 4x 1G interfaces as members. They want to switch this to 4x of the 10G interfaces during an outage window. Am I right that I should be able to just remove the 4x 1G membe...
