Resolved! Security/App-ID Bypass?
Can someone within Palo Alto Networks comment on this video? This seems like it could be an easy attack vector...Palo Alto Networks Security Bypass - YouTube
Can someone within Palo Alto Networks comment on this video? This seems like it could be an easy attack vector...Palo Alto Networks Security Bypass - YouTube
Hello, I have two PA-2020 in an HA Active Passive scenario. Just looking around in my CLI, I noticed that the maint partition is empty on one of my nodes, but has an older 4.0.3 on the other node.Partition State Version--------------------------------------------------------------------------------sysroot0 REVERTABLE 4.1.7s...
The following change log may be useful to all of you wondering how an upgrade goes in an HA active-passive pair. It would be nice if PAN support were to put this into a tech note. Each step is essentially a check or an observation from top to bottom.2050 Firewall Upgrade 4.07 to 4.1.2 Log:Pre download of PAN-OS 4.1.0 and 4.1.2 to both unitsNo co...
Being a newb and never having updated my Active/Passive HA pair, I took the 4.1.10 release notes at face value. There is no mention of special provisions for HA upgrades so I clicked "install" and now have a 4.1.10 Active member and a mismatched 4.1.7 passive member. Having now read the full product documentation I understand the "proper" way to...
Hi,I have a PAN-2050 (Software version 4.1.5) and i have configured a predefined report with diferents tops (top 5 connections, top 5 destinations, top 5 applications). The problem is that when i dowload and see the PDF with the report i cant see the entire ip in the Top 5 connections and i dont know where i can do more bigger the field where th...
I've been working on trying to configure all the firewalls with the Agentless User-ID setup but despite several attempts to enable it I cannot get it to ignore users.I establish a session and enter config mode and type in the command set user-id-collector ignore-user [ domain\serviceaccount ] then commit the changes and despite doing so I still ...
I've been having issues downloading release notes regularly. The download doesn't even start, no matter if initiated from the support page or from the PA UI (Device-Software).Not a policy issue...Anyone else noticed that ?
I realised that some traffic from several remote clients is going through the firewall with another remote-local IP address, different from my remote assigned-pool. Obviously, this traffic is beeing dropped. It happens with users accessing correctly to other services (with the correct VPN-assigned IP). Could it be a Global Protect issue?It start...
I'm getting the following error when I perform a commit on a PA-3020. PAN-OS 5.0.1. I know I'm doing something wrong. I'm new to installing certs so feel free to point and laugh.I had a certificate signed by GoDaddy for use by Global Protect. It came signed by an Intermediate CA.I've created a chained certificate to make sure the Intermediat...
We are currently having a problem with a new domain where the group membership intermittently disappears. If you run the command "show user user-IDs match-user domain\" (4.1.x) or "show user pan-agent user-IDs match-user domain\" (4.0.x) it shows users mapped to AD groups.This is happening on a single new domain where all other domains are worki...
Hello,We have a customer who has installed and configured a PanOS 5.0.0 A/P cluster of devices a few time ago.Now he has bought a Panorama licence to centrally manage and report his devices.Is there a quick and straight way to import devices congigurations into Panorama ?I have seen this documentation that describes how to manually import a conf...
So in discussions with a few customers the BGP functionality has come up when peering with ISPs and replacing dedicated BGP equipment. The route table size on the PAN5060 is roughly 64000 routes. Most Universities have tables upwards of a 1/2 Million. Also Dynamic routing is currently unsupported on IPv6 as of PANOS5.0.2. As a workaround we...
I am looking for a two factor authentiction solution for PAN firewalls (Global Protect). particularly interested in a Mobile phone base app to provide security token or OTP to authenticate users via Global Protect. Anybody have any good or bad experiences with these?
Hi I'm using radius (rsa) to authenticate GP users and can't get me head around the GP client configuration - specifically the section where you need to put a username and password. How can this be possible when the RSA token changes every minute?Can someone shed some light on this please ThanksRod
I’ve got problem with policy based forwarding. I have 2 ISP - traffic to the 1st ISP is forwarded by pbf, to the 2nd – via default route. PBF rule monitors the remote target’s IP and availability of nexthop address. My question is: how the pbf is checking availability of the nexthop address. I have sniffer open on nexthop address host but I can’...
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |

