System alerts

L4 Transporter

Hello Team,

I am getting system alerts in my firewall. Below is the error:

PAN OS - 9.0.6

Disabled applications in vsys1: cip-ethernet-ip-disable-io cip-ethernet-ip-disable-sfc cip-ethernet-ip-enable-io cip-ethernet-ip-enable-sfc cip-ethernet-ip-read-mod-write cip-ethernet-ip-read-tag cip-ethernet-ip-read-tag-frag cip-ethernet-ip-run cip-ethernet-ip-stop cip-ethernet-ip-test-mode cip-ethernet-ip-write-tag cip-ethernet-ip-write-tag-frag dingtalk-file-transfer jandi pfcp philips-ecg retrospect-backup siemens-s7-comm-plus-download siemens-s7-comm-plus-upload.
 
NOTE: I have checked that all the applications are disabled in the Application DB.
Below is the current version for Content ID:
Application Version: 8305-6248 (08/14/20)
Threat Version: 8305-6248 (08/14/20)
Antivirus Version: 3441-3952 (08/15/20)

Could you please give any suggestions on this?
Cyber Elite

@Joshan_Lakhani 

 

To fix this you need to go to Device, Log Settings, System

Create a filter, for example:

(severity eq high) and (eventid neq Disabled apps)

or 

not ( description contains 'Disabled applications')

 

It is your log forwarding profile which is sending you the system alerts.

 

Regards

 

MP

Help the community: Like helpful comments and mark solutions.

@MP18 

 

I didn't configure the log forwarding; it is showing alerts in systems.
Any issue if I ignore this, or do I need to take some action?
Please suggest.

 

You can ignore these alerts.

MP

Cyber Elite

@Joshan_Lakhani,

Whoever set up your firewall has them set up so that the new app-ids are disabled when you download a new content update. While this can prevent issues arising from new app-ids being identified, it's something that you would eventually want to bring in so that your firewall can identify all of the new applications PAN has added.

So while these alerts can be ignored, I would definitely make the new signatures active in your next maintenance window and simply verify that the new applications don't cause any issues in your current rulebase. 
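
As an added example (not from the thread or from Palo Alto Networks), the rulebase check suggested in the last reply can be prepared by parsing the alert text and listing which rules reference an application whose name the disabled app-ids extend. The rule names, the rule contents and the name-prefix heuristic are assumptions for illustration; the alert text is a shortened, constructed copy of the one quoted in the question.

```python
import re

# Constructed sample: alert text in the format quoted in the question (list shortened).
ALERT = ("Disabled applications in vsys1: cip-ethernet-ip-read-tag "
         "cip-ethernet-ip-write-tag dingtalk-file-transfer jandi pfcp "
         "siemens-s7-comm-plus-download siemens-s7-comm-plus-upload.")

# Constructed rulebase export: rule name -> applications it references (hypothetical).
RULES = {
    "ot-plc-traffic": ["cip-ethernet-ip", "siemens-s7"],
    "chat-apps": ["dingtalk"],
    "web-out": ["ssl", "web-browsing"],
}

ALERT_RE = re.compile(
    r"Disabled applications in (?P<vsys>\S+):\s*(?P<apps>.+?)\.?\s*$")


def parse_alert(description):
    """Return (vsys, [app-id, ...]) from the alert text, or None if it does not match."""
    m = ALERT_RE.search(description)
    if not m:
        return None
    return m.group("vsys"), m.group("apps").split()


def review_list(description, rules):
    """Return (rule -> disabled app-ids to review, app-ids no rule relates to).

    Assumption: a disabled app-id is related to a rule when its name equals, or
    extends with a '-' suffix, an application that the rule references.
    """
    parsed = parse_alert(description)
    if parsed is None:
        return {}, []
    _, apps = parsed
    hits, matched = {}, set()
    for rule, refs in rules.items():
        related = [a for a in apps
                   if any(a == r or a.startswith(r + "-") for r in refs)]
        if related:
            hits[rule] = related
            matched.update(related)
    return hits, [a for a in apps if a not in matched]


if __name__ == "__main__":
    by_rule, unrelated = review_list(ALERT, RULES)
    for rule, apps in by_rule.items():
        print(f"{rule}: review {', '.join(apps)}")
    print("no related rule:", ", ".join(unrelated))
```
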
