TI automation - Foundation: custom prototype and SOC integration [part 2]

 Hi again,

after good feedback received on the first post on MineMeld architecture and hardening I wrote a new post on how I built the foundation of near-real-time integration of MineMeld with our Information Security Operation Center (i-SOC) custom

Different data in ACC reports and custome created report

Helo Everybody,

I have created a custom report in Panorama to generate the same data that we get in ACC - Application usage report, for last one month. But it looks like the data in the custom report is always different than that which is genereated i

Pre-defined reports only useful for Last24 hours?

Hi,

I wanted to use the pre-defined reports for a summary of the last 7 Days (or Last week) but as I see, these pre-defined reports only work for the last 24 hours / last day, even though I send the Email with all pre-defined reports only every sunday

Filter Policies by Target "Device-Tag" not possible with 9.1.x (Feature Request)

Hi,
since we are changing policy targets from "device name" to "device tag" (device-Tag defined in Panorama > Summary), we still have the need to filter for special devices (device-tags) within the policy sets.

But what I have seen with 9.1.6, filterin

HTTP Header Insertion

I have a rule with a URL filtering profile with HTTP Header Insertion and a Restrict-Access-To-Tenants list that has used up all the characters (512). I have tried to add another Restrict-Access-To-Tenants list but it won't accept it. I have also tri

Global Protect not detecting Crowd Strike Firewall

Hello, 

Was wondering if anyone could help me? We recently installed Crowd Strike Firewall, but it's not being detected by the HIP Check I setup. I have created a rule for Crowd Strike Firewall. So technically it should see it right?

PAN Security Advisory (11-AUG-2021)

Thought I would just put this notice out since I know a lot of people don't actually subscribe to security advisories directly. If you haven't already, I highly recommend that you sign up for notifications via https://security.paloaltonetworks.com/ a

User id not fetching for same ip in traffic logs.

User id not fetching  in traffic logs.we created user base rule on that basis mapped ip address shows user id for same rule .but some time user is not authenticated from that user base policy rule and it is moving from next any any rule. if it is mov

User-ID stopped working / Failed to add group to id manager

Hi Folks,

just to let you know, since I found no KB Articel for this issue. Policy Push from Panorama respectively local Commit on the Firewalls ended in strange Error Message according Group Assignment to Policy.

vsys1
Error: Failed to add group to i

Device uptime cycle question

Have any suggestion for uptime days?

I remenber seen one doc is 300days suggest reboot.

Now have any this doc?

Multiple domains on PA

Hello ,

We have integrated already the AD ( 3 Servers for redundancy)

The User id we are using is the default one which is on the PA FW

The domain is  abc.nl  . The setup is working .

Now we are building an entirely new domain called abc.es .   migrat

Possible to disable SSH CBC cipher and weak MAC hashing?

Hi,

May I check if it is possible to disable SSH CBC cipher and weak MAC hashing on Palo Alto Firewall?

If so, may I know how to do it.

Had no luck searching for a solution online.

Seems like there is no menu/config file (e.g. /etc/ssh/ssh_config) to e

bulk disable of security policies through CLI with set commands in a script

I have 6700 security policies I need to disable in a specific device group. I have them prepped in a text file in set format. CLI is only allowing paste of up to 20 lines at a time. I've tried enabling "cli scripting-mode on" and it still bombs after

IPsec tunnel doesn't show IKE gateway selected from drop down list

Hi All,

Hope you are doing good. 

I am running PA-8.1.0 on on VM and creating a tunnel with Cisco router. I completed all configuration on PA end. But when i go into ipsec tunnel, i can't see Ike gateway selected. I re-select it and then commit the c