Hello, As part of the implementation of log forwarding to an Azure collector, we would like to identify the source IP addresses currently used for routing logs from our equipment. An IPSec tunnel is already in place between the front-end and Azure. How can we identify the source IP addresses for routing logs from the following devices to t...
Hi, We have a large memory consuption of memory in SQL servers and micro-services, the question it is posiible to limit the memory consuption for these especific cases or there is another recomendation to create a profile with some exceptions for the SQL process? Actually is some cases the agent is using 3 GB or more of memory. Thanks for your...
Hi Team, I have a question regarding the output of the “show ctd-agent status security-client” command.My understanding is that this command displays the connection status between the firewall and the content cloud.In our customer’s environment, I observed a difference in the command output after upgrading from version 10.2.x to 11.1.x. [PAN...
we have a XDR console, in the console there is no system serial number, gateway ip.Cortex XDR Cortex XSIAM
Attention: JAPAC TPM teamHello Team, I confirmed from the following documents that BGP filtering and route metric support have been introduced as new features in Prisma Access 6.0:(1) https://docs.paloaltonetworks.com/prisma-access/release-notes/6-0/prisma-access-about/new-features?otp=concept-j4m_cjd_v2c(2) https://docs.paloaltonetworks.com/p...
I have a handful of users having problems signing in to our GlobalProtect. The common thread is the embedded browser being redirected to this page. We even force installed the latest preferred 6.2 client with the use default browser option(in that case Firefox) and it still got this redirect. These people were working last week. To add we us...
We installed the CIE Agent to send AD info to CIE. I recently discovered another team had deployed the Agent on another server, for the same domain. We *think* it is about this time we started not seeing group information in our XDR Assets and other user info. Should we have two CIE agents installed to access the same domain?
We just migrationed from Cisco Firepower: We have some Negate Geo block rules that will block any country that is NOT on the lists of allowed, but now it is unintentinally blocking CGNAT addresses. We would still like to only allow US CGNAT's but the fix below would be world wide I believe? We don't want to wait until someone travels around the ...
Hi, We are getting a few alerts for "Evasion Technique - 1244315488" - "Evasion technique using reflective loading." While investigating I can see that a base64 encoded PE file is written in the registry by taskhosw.exe under "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UCPD\DR\000" -The registry key is not super well documented (UserCh...
Greetings,Im trying to configure "Automation Rules" to "High" severity issues for the automatic isolation of endpoints. Right now its configured as the following images show, but theyre not triggering the playbooks nor rules. ¿Any ideas or suggestions on why its not triggering?
I've just come back after a few months, and uploaded a new TSF file to the BPA tool, and it shows me there are issues in a number of rules that are CSC/non-CSC checks, but when I bring up the list of issues, where previously you could expand each rule with an issue to show the exact problem with it, it now does not expand the details, ie. I am u...
Hi Team, Today I created a new RN-SPN in one of the US location and I see the Service Endpoint Address is being displayed with the FQDN. Have created multiple nodes before and never saw an FQDN and it use to be IP address always. Just wanted to confirm if this is something which is new and will the IP address the FQDN resolving now will be sta...
I’m having an issue accessing the passive firewall in my cluster via SSH or Telnet. I can access it normally through the GUI and authenticate using LDAP or my local admin user. The active firewall authenticates both GUI and CLI without any problems. What I’ve tried: Restarted the firewall. Reset the SSH service via API and also rebooted the dev...
Hi All, I am trying to confirm what is max number of entries can API query return for address object .Like we have around 50k address , will API query will fetch all data in single page or it will fetch specific number of entries ? or we need to use some sort of pagination if we have some limit per page and what parameter i can use. Thanks
I am using two PA-440 firewalls for a laptop testing. The purpose of the Lab is to test for VPN connectivity before deployment. Firewall A = has an external IP of 17.11.19.69/30 - Internal address 2.2.2.2/24 (LAN) Firewall B = has an external IP of 17.11.19.68/30 - internal address 3.3.3.3/24 (LAN) Because I have a block of public IP's, eac...
