Onboarding to Passive HA to Panorama

Hi Everyone,

I need advice on how to onboard the passive HA to Panorama. The Primary is already on Panorama but upon checking, it doesn't belong to a device group yet. I have read some documentation on how to onboard a local firewall to panorama, but

Are there signature release for following vulnerabilities?

Hello
I'm Tomoyuki Nakamura.

Are there any plans to release signature for the vulnerabilities below?.
These were not listed in THREAT VAULT or Security Advisory.

CVE-2024-50379
CVE-2023-34990
CVE-2024-48889
CVE-2024-12727
CVE-2024-12728
CVE-2024-12729

B

macOS GP client says its connected - but it really isnt

steps to repro issue:

1. run any Mac w Ventura or Sonoma installed

2. run any GP versions for past year (yes this issue remains unresolved that long)

3. click GP icon in your menubar to connect to corp network

4. after auth process - verify you see c

Palo Alto Global Protect

Hello. 

   I am looking to setup and use Palo Alto's Global Protect feature; The question I have is if I have only 1 egress port (WAN) port that is public-facing, can I setup my Global Protect on that egress port or do I need to use another port for

PA 445 ZTP

Hi Team,

I am planning to configure the new firewall using ZTP and also planning to manage this firewall completely via SCM.

Add a ZTP Firewall to Strata Cloud Manager

Following the above link to add teh ZTP FW to SCM.

> Need to know where will i get

How to install a Cortex XDR agent communicating through the Palo Alto Networks Broker VM?

1. I installed Cortex XDR Agents before setting up the Broker VM.

I want all the agents to route traffic through the Broker VM as a proxy. The Broker VM is activated and connected.

Should I uninstall the existing agents and reinstall them using the f

Impossible uninstall Cortex XDR

Hello,

Because of my previous work, I had to install Cortex XDR to work remotely from home and access to the VPN.

Now that I'm no longer working for them, I would like to uninstall Cortex XDR from my laptop (MacBook Pro M2) but it is impossible. I

PA-VM sysd_construct_sync_importer

We got a customer that runs into this issue recently, it's a known issue (not public) for versions 11.0.0, 10.2.3, 10.2.2-h1 (and also to us 10.2.3-h2, 10.2.2-2).

When you run into this, means that there's a hardware issue, please go to TAC in order

For those that seek to get SSH Proxy working

Searching the internet it seems that people are looking to enable SSH Proxy and not finding answers. I managed to get it working but must say that the current supported SSH decrytion parameters for all PAN-OS versions aren't the most secure ones so y

When will PAN-OS start supporting modern SSH ciphers?

I'm running PAN-OS 11.1 and OpenSSH 9.X.

I had to tune my sshd_config to support really ancient stuff like aesXXX-ctr and hmac-sha1 just to allow for SSH decrytion...

Please Palo Alto update the supported ciphers and MACs!!

which we suspect is being used to exploit the vulnerability

Has anyone observed unusual traffic or can share insights regarding a specific attack payload?

We’ve detected malformed DNS packets targeting port 53, flagged by our firewall as MS Windows NAT Helper DNS Query DoS Vulnerability (31339). These packets