PAN Security Advisory (11-AUG-2021)

Thought I would just put this notice out since I know a lot of people don't actually subscribe to security advisories directly. If you haven't already, I highly recommend that you sign up for notifications via https://security.paloaltonetworks.com/ a

User id not fetching for same ip in traffic logs.

User id not fetching  in traffic logs.we created user base rule on that basis mapped ip address shows user id for same rule .but some time user is not authenticated from that user base policy rule and it is moving from next any any rule. if it is mov

User-ID stopped working / Failed to add group to id manager

Hi Folks,

just to let you know, since I found no KB Articel for this issue. Policy Push from Panorama respectively local Commit on the Firewalls ended in strange Error Message according Group Assignment to Policy.

vsys1
Error: Failed to add group to i

Device uptime cycle question

Have any suggestion for uptime days?

I remenber seen one doc is 300days suggest reboot.

Now have any this doc?

Multiple domains on PA

Hello ,

We have integrated already the AD ( 3 Servers for redundancy)

The User id we are using is the default one which is on the PA FW

The domain is  abc.nl  . The setup is working .

Now we are building an entirely new domain called abc.es .   migrat

Possible to disable SSH CBC cipher and weak MAC hashing?

Hi,

May I check if it is possible to disable SSH CBC cipher and weak MAC hashing on Palo Alto Firewall?

If so, may I know how to do it.

Had no luck searching for a solution online.

Seems like there is no menu/config file (e.g. /etc/ssh/ssh_config) to e

bulk disable of security policies through CLI with set commands in a script

I have 6700 security policies I need to disable in a specific device group. I have them prepped in a text file in set format. CLI is only allowing paste of up to 20 lines at a time. I've tried enabling "cli scripting-mode on" and it still bombs after

IPsec tunnel doesn't show IKE gateway selected from drop down list

Hi All,

Hope you are doing good. 

I am running PA-8.1.0 on on VM and creating a tunnel with Cisco router. I completed all configuration on PA end. But when i go into ipsec tunnel, i can't see Ike gateway selected. I re-select it and then commit the c

Move interface to different vsys

Interface ethernet1/1 is currently in vsys1. When I try to change this to vsys2 from Panorama I get the message that the interface is already in use (by vsys1).

If I try to remove it from vsys1 in Panorama push is OK, bit it is still in vsys1 on the

/dev/shm filling up after 10.0.6 firmware

TMPFS partition /dev/shm on the VM series PAN.

Typically this is cleared on reboot but after upgrading to 10.0.6 its failed to clear the space on system reboot.

We have looked at the other drives on the PAN are there seems to be no capacity issues ot

WHERE CAN I FIND A COMPLETE LIST OF PAN-DB URL FILTERING CATEGORIES?

Q1, WHERE CAN I FIND A COMPLETE LIST OF PAN-DB URL FILTERING CATEGORIES?

We can't find a complete pre defined url categories.

Now the pre defined url categories have 73 ithems.

The KB was not update.

Q2, Where can I download/epxort  a complete list

Enable split tunnel for Zoom

Hi

We are planning to exclude all zoom traffic from Global protect VPN and currently we are using 4.1.5 GP agent version.

I have gone through the zoom documentation and created EDL but not getting option to exclude the EDL (external dynamic list ) in