I'd like to understand how Wildfire works. I have this example where Verdict is benign and action is block. Why?
We have two on-premises GlobalProtect Portals on two different HA systems in different locations in the state, we would like a simple process to handle when/if a site goes down for the end-users. Both portals are named different: East-Portal West-Portal Is it possible to have an AWS Application Load Balancer send traffic to the portals? Has ...
Hello Community, We would like to configure split tunneling on Global Protect settings for Webex traffic. We have the GlobalProtect Gateway License active and enabled. We have already configured a list of Subnet network excluded in GW >> Agent >> Clients settings >> Split Tunnel >> Access route >> Exclude H...
Hi folks, We have panorama and few pairs to managed firewalls being managed by panorama, Under the Templates, created CSR and imported the signed CA and pushed it to specific template firewall(say FW01-active), the managed firewall local configurations displays the new certificate, however, on the FW02-passive one the certificate did not sync....
Anyone else having issues with PA-445 stability? We're doing our 2nd RMA in less than 6 months on a PA-445 that just randomly restarts. It's on dual independent electrical circuits (with UPSs). After the first RMA it did it again and support said it needed an updated OS to resolved the issue (11.1.4). Same issue again (still on 11.1.4) and this ...
Hi LIVEcommunity, Is there a way for Cortex XDR to take the cleanest snapshot of windows so there is a point where we can rollback the endpoint after an attack? Windows has a feature called Volume Shadow Copy Service (VSS) but can Cortex XDR use this after a ransomware attack? What if the VSS is corrupted, how can Cortex XDR protect the VSS an...
We are migrating onpremise AD to AZUREAD. The doubt is that these users going to AzureAD and all the info (source name and group belong) can not be retrieved by the FW (as UIA did on premise mode). So how can get the info (users/groups) from AzureAD to configure policy source groups in Palo Alto? We doesnt have any SAML IdP configured in Palo Alto.
Our organization has started noticing that every 24 hours (give or take an hour) new connections to our Global Protect VPN service is rejecting new connections to the appliance. We also notice that the portal landing page stops responding and issues a generic SSL Error and the page cannot be displayed. The issue is only resolved by rebooting the...
Hi, Im seeing traffic logs with linux/Iphone devices going to internet through our tunnel GP, when internet access should be local. Is there any issue with routes GP in linux/apple devices? In windows is working fine
Dear all I have a question about snat address pool and route loop; If I set a snat policy and assign a public address pool(range)to it, like 110.1.1.1 to 110.1.1.11 PS. It's being used for visit internet; I have a default route to internet on my firewall, nexthop is ISP, and this ISP have a route about 110.1.1.1 to 110.1.1.11 next hop is ...
local admin created with authentication profile set to none but still PaloAlto is looking for authentication profile for this local user and not allowing to login, saying invalid username/password and here at FW end we are getting the log- Reason: Authentication profile not found for the userPAN OS - 11.1.10-h1 - Is this is a bug in this version...
Hi, Please I want monitor any command line excute on powershell or cmd with XQL for example quser or systeminfo cli. Thank you.
Hi everyone, I have button in the incident layout and the script it triggers creates a new incident and posts all of the war room entries to the new incident. In the incident, we have some notes that should also be seen as notes in the new incidents but I was not able to tag them succesfully. Read the XSOAR API documentation and I am using "/e...
Hi everyone, I have a question regarding SLA tagged scripts on XSOAR. I have a field-change-triggerred script that starts an SLA timer within automation if the field is changed to certain values. This part is okay and we observe that the sla timer starts succesfully. I want to run an SLA script when breach is triggerred for this timer. I have...
Is there an EOL for Broker VM? The following URL contains information about the end-of-life for Palo Alto products, but it does not appear to include any mention of the Broker VM. https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary I searched for other documents as well, but I was unable to find any ...
