We had problems with AD after installing content version 729 this morning. Users were authenticated, but the logon process (group policy, drive mapping) was painfully slow. After we reverted to version 727 everything was OK again. The strange thing is that I see no traffic to our AD controllers being stopped by the firewall.
Anybody else seen this? We're using two PA-5050 in HA (active/passive) running PAN-OS 7.1.10.
We have been on 730 since 17:00 Pacific yesterday but we only removed our workaround to the affected policies this morning. Applications that were affected by 729 yesterday are working fine on 730 today. At least for our issue with ms-ds-smbv2, it is resolved - checked 'Data Filtering' monitor and our applications are not firing threats on the firewall anymore.
We have been running 730 since 03:00 local time both on East and West Coast and we are not experiencing any of the issues that we did yesterday. Has anyone received an explanation on how a Vulnerability signature caused fragmented packets even when it's set to alert only? By alert it seems that the packet flow should not be modified at all.
Can anyone confirm which day app/threat usually rolls out? We want to move our download day to a couple days after it is released into the wild, to avoid this type of problem in the future. And it doesn't seem like the "delay" function will work for anything more than 24 hours.
The only mention I see on PA's website is a doc from 6.1 that references Tuesday. Wasn't sure if that was still the case.
This whole issue was pretty bad. We had AD authentication issues at our main site for about 12 hours. Stupid thing about the entire issue is the notification process from PA. We had gotten the notification about 729 being an issue but had no details on what the symptoms were. It would have been so easy (and helpful) for PA to have included SOME/ANY DETAILS about the type of problems with the initial notification or a LINK TO FURTHER DETAILS. It wasn't until we found a community thread indicating Microsoft AD authentication traffic was affected that we rolled back and life was good again.
Simple communication would have been so helpful.