AD trouble after installing content version 729

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AD trouble after installing content version 729

L3 Networker

We had problems with AD after installing content version 729 this morning. Users were authenticated, but the logon process (group policy, drive mapping) was painfully slow. After we reverted to version 727 everything was OK again. The strange thing is that I see no traffic to our AD controllers being stopped by the firewall.

 

Anybody else seen this? We're using two PA-5050 in HA (active/passive) running PAN-OS 7.1.10.

52 REPLIES 52

Hi gwesson,

 

You're right, after a few hours the process has returned to normal... Thanks for your help!

L0 Member

Has anyone installed 730 yet?   Any issues at all with it?

 

I'm still rolled back to 727 right now, and I'm a little gun-shy at the moment.

We have been on 730 since 17:00 Pacific yesterday but we only removed our workaround to the affected policies this morning. Applications that were affected by 729 yesterday are working fine on 730 today. At least for our issue with ms-ds-smbv2, it is resolved - checked 'Data Filtering' monitor and our applications are not firing threats on the firewall anymore.

We have been running 730 since 03:00 local time both on East and West Coast and we are not experiencing any of the issues that we did yesterday.  Has anyone received and explanation on how a Vulnerabity signature caused fragmented packets even when its set to alert only?  By alert it seems that the packet flow should not be modified at all.

 

- Matt

L0 Member

Can anyone confirm which day app/threat usually rolls out?  We want to move our download day to a couple days after it is released into the wild, to avoid this type of problem in the future.  And it doens't seem like the "delay" function will work for anything more then 24 hours.

 

The only mention I see on PA's website is a doc from 6.1 that references Tuesday.  Wasn't sure if that was still the case.  

We added a delay of 24 hours, under the Applications and Threats Update Schedule> Threshold( hours).

This will delay the install of the content for 24  hours. 

L4 Transporter

I had version 7.1.10 and saw no issues not sure why not. Since then I have been upgraded to 730 that came out recently , I have mine set to automatically update

L3 Networker

This whole issue was pretty bad.  We had AD authentication issues at our main site for about 12 hours.  Stupid thing abou the entire issue is the notification process from PA.  We had gotten the notification about 729 being an issue but had no details on what the symptoms were.  It would have been so easy (and helpful) for PA to have included SOME/ANY DETAILS about the type of problems with the initial notification or a LINK TO FURTHER DETAILS.   It wasn't until we found a community thread indicating Microsoft AD authentication traffic was affected that we rolled back and life was good again.

 

Simple communication would have been so helpful.

  • 26621 Views
  • 52 replies
  • 10 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!