It's not really a discussion but more a "let's document two actual issues I went through".
In rare cases when you have to deploy Pathfinder without a direct connection to the internet (no DNS, and no web), this might be of interest to you.
In Pathfinder you can set the proxy settings. In my case it is a non-authenticated proxy, so I just added the proxy address and proxy port.
When doing a Connectivity check, all tests failed, and no packets were sent to the proxy server.
Looking into the logs we can see the cause.
BUG1: This is because the scripts implemented in 16.02 send commands to curl but fail because the username = ''
Workaround: enter any username and it works.
All Connectivity tests are now working but I still cannot pair.
I get a message, "please authorize in admin UI", but nothing appears in the Pathfinder management UI, and then it fails miserably.
Looking at the logs (edited), we can see "internal IP address is invalid" because it's empty!
The cause of this is a bit complex, but basically it's related to finding its own IP based on the direct name resolution (DNS) of your XDR Analyzer instance.
Workaround BUG2: find your instance name, for example <xxxxxxxxxxxxcbaced8>.magnifier.eu.paloaltonetworks.com (replace with your own instance ID)
And create an 'A' DNS record for this entry which should resolve to 18.104.22.168.
Depending on your installation it can be hard to add another zone paloaltonetworks.com, so another easier way is to use the DNS proxy feature of PAN-OS with static entries.
Unfortunately, the list goes on.
Bug No 3:
After pairing and being authorized in the portal UI, the service restarts itself, and then you might get an error message something like
Configuration file corrupted.
Looking at the logs in the agent.log file, I saw an error: InvalidURL: Failed to parse: myuser:p0
This is due to wrong parsing of a password which is encoded in base64 and contains a slash character '/'.
2 workarounds:
1) Given a statistic of 344 characters with a probability of 1/64 to be a slash, this gives a chance of 5:1. So if you try 10 times, you probably have a working installation.
2) Second workaround: edit /etc/conf/lc.conf and replace the slash character with another character and restart the service.
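
An added illustration of Bug No 3 (not part of the original post and not Pathfinder's code): it shows how a URL parser cuts off at a '/' inside an unescaped password and reports `myuser:p0` as the host and port, and how percent-encoding the credentials avoids that. The password, proxy host and the `http://user:password@host:port` layout are assumptions constructed for the example.

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed sample values; not taken from any real installation.
USER = "myuser"
PASSWORD = "p0/Zk+9w=="        # base64-style secret that contains '/'
PROXY = "proxy.example:8080"   # hypothetical proxy host and port


def build_proxy_url(user, password, hostport, escape):
    """Assemble http://user:password@host:port, optionally percent-encoding."""
    if escape:
        # safe="" forces '/', '+', '=', ':' and '@' to be encoded as well.
        user = quote(user, safe="")
        password = quote(password, safe="")
    return f"http://{user}:{password}@{hostport}"


def inspect(url):
    """Return (netloc, hostname, port-or-error) as the URL parser sees them."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError as exc:   # non-numeric "port" such as 'p0'
        port = f"error: {exc}"
    return parts.netloc, parts.hostname, port


def recovered_password(url):
    """Decode the password back out of a correctly escaped URL."""
    return unquote(urlsplit(url).password)


if __name__ == "__main__":
    raw = build_proxy_url(USER, PASSWORD, PROXY, escape=False)
    safe = build_proxy_url(USER, PASSWORD, PROXY, escape=True)
    # The authority section ends at the first '/', so everything after
    # "p0" is treated as the path and the real proxy host is lost.
    print("unescaped:", inspect(raw))
    print("escaped:  ", inspect(safe))
    print("password round-trips:", recovered_password(safe) == PASSWORD)
```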