PAN-OS 10.1.4-h4

Hello all,We are looking to update PAN-OS to 10.1.4-h4 but wanted to ask if anyone had any issues after upgrading? I had 10.1.4 installed but it had bugs and had to roll back so I am a little bit leery to upgrade again.Thank you,Tom

Global Protect 6.0 Client Windows Authentication

Since upgrading to the 6.0 client every hour, when the client does its config refresh interval, Windows defaults to the Global Protect password sign in option when unlocking the computers rather than what the users are normally using (PIN, Face, Finger etc). The same issue occurs when manually refreshing the connection or signing out and in to t...

Interface Status in Suspended state

I have my production firewalls in HA active/passive mode. My question is if I have suspended the passive firewall, what would be the interface status, would it be down or showing up ? I do understand it will not be forwarding traffic but what would you see in the GUI when checking the interface state.

How to allow only X.509 related cert validation traffic from trust to Untrust

Migration Cisco to PAN

Hello,I have run a config through the migration tool and I have noticed the following application generate warnings- icmp- I understand I change this to- pingipsec-esp- I have no idea what this should be changed to?gre(generic routing encapsulation)- No idea what this should be changed to? Any help would be appreciated.

useridd process is consuming 100% CPU on the PA-5250

PAN-OS is 9.1.10 running on PA-5250. The useridd process is consuming 100% CPU: Tasks: 313 total, 1 running, 309 sleeping, 0 stopped, 3 zombie%Cpu(s): 2.8 us, 1.5 sy, 0.0 ni, 95.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 stKiB Mem : 32640128 total, 197252 free, 5921556 used, 26521320 buff/cacheKiB Swap: 0 total, 0 free, 0 used. 26240004 avail MemPID USER...

Leak a specific route from BGP summarization

Hello All, I have a question related to BGP summarization in a PAN firewall. We currently have summary aggregate advertised to the upstream device. But now we need a leak /32 route to the upstream along with the original summary route. What is the best method to achieve this goal? I have seen an option for 'Advertise filter' in BGP summary. If I...

Post-VPN-connection Script when connected to internal Network

Hi everyone, Does anyone know if it is possible to execute a script with global protect after the client is connected to and successfully authenticated on an internal Gateway? Regards,Remo

Getting Panorama-Managed firewalls connected to Cortex Data Lake?

Greetings all, As the title suggests, I'm attempting to get Panorama and our two PAN 5250 on to our new data lake. I've got the Device Certs installed using the OTP from the Support Portal and I installed (but didn't configure beyond the re-verifying using the OTP from data lake) the latest Cloud Services plugin on Panorama. I can see all of th...

Easy to determine new and changed settings\features between 9.1 and 10.1

Cisco used to have a tool that would show features and setting that are different between version you could select. Does Palo have a utility or easy way see changes/features between 9.1 and 10.1? We would like to know the changes prior to upgrade.

Panorama PDF Summary reports not providing data

I'm having some issues generating PDF reports in Panorama and after Google didn't help me, I thought it would be worth asking here. We've created some custom reports in the past, had PDF summaries generated, and the reports get sent out on a regular basis with no issues. We followed our usual steps to create the reports described below. Yesterda...

DNS Security

Hello FolksDoes anyone know why I am having problems with DNS Sinkhole when my computers have dynamic DNS, I have spent days testing and I have detected that with fixed DNS I see the log but with dynamic DNS I don't see any logI have applied the Security profile , Decryption rule, But the behaviour is the same. Also I have DNS Security license.T...

MS-Teams issues with disconnections

Hi all, we have some issues with MS-Teams.Our customers have random disconnections during the cals. In the app they recive error - "bad network quality" and after that they reconnect. Call quality itself is good. In MS console there is no allerts for diconnections or bad quality. Evriting regarding MS products was excluded from inspecion decript...