Finding Rootkits in Palo Alto

I was looking for information on finding and removing rootkits on Palo Alto, using the CLI commands. Reinstalling PANos isn't an option for me, but any help would be greatly appreciated. I know there is a rootkit installed, but I am not entirely sure

Paloalto API to get the recommended pan-os version details

Does Paloalto has a API for customers to identify recommended pan-os version details through the API query based on firewall models

Plugin-DLP mis-match on HA pair (HA not syning)

We recently had a firewall failure in a High Availability (HA) pair and replaced the faulty unit. However, there's a mismatch in the Data Loss Prevention (DLP) plugin versions:

• The working firewall is running DLP 5.0.1 with OS 11.1.6-h1
• The replacemen

IPSec Tunnels acting Strange

Version 11.1.4-h7

I am unsure if anyone else has experienced this. We are seeing IPSec tunnels suddenly showing errors in the system logs that IKE phases are just deleting one right after the other and not initializing. Originally one of the tunnels

UserID mapping flags user unknown with single digit timeout secs

Hi all,

I'm using Agentless UserID mapping. Since past 2 weeks, random users are dropped out of ip-user-mapping and unable to browse internet. 

When I run "show user ip-user-mapping all" on CLI:

I get 90% of connected AD users mapped to IP addres

Use of SSL Decryption.

Dear All

I hope you all are doing well.

We recently deployed a firewall with SSL decryption features. Previously, we used F5 WAF for SSL decryption.

Should we use SSL decryption for the new firewall or the previous F5 WAF SSL decryption?

Can I use both W

Vsys1-Vsys2 main-Backup

dears in community 

i have some trouble with the scenario  inside my Palo Alto device and need your support, 

i have two Vsys names (A, B), and each one of them has L3 uplink-ISP Vlan configured on a separate interface and set Public IP on interface

Meta Apps bypassing Captive Portal Authentication

Hi Everyone,

I am asking your expert advise on this issue:

We have an AP in bridge mode that is directly connected to Palo Alto. The firewall acts as the dhcp server and the AP just extends/bridges the network wirelessly. This setup is for Wirele

PANOS upgrade 10.2.10-h9, 10.2.12-h4 and 10.2.13-h2

Hi Experts,

We have PA-5450 and Panorama M-700 running on 10.2.8-h3. We are planning to upgrade PANOS to the latest code in the 10.2.X series. While reviewing the Palo Alto documentation, I found that 10.2.10-h9 is the preferred version. However, t

Management and Data plane same subnet

Hi All,

My organisation need to have data plane interface i.e eth1/2 and management plane i.e mgmt port in same subnet as below

eth1/2 192.168.2.1/24

mgmt- 192.168.2.2/24 and 192.168.2.3/24 (Palo alto in HA).

Need to know what could be harm or disadvan

Protecting Admin UI with Duo MFA

I'm attempting to setup Duo MFA with the admin UI of a PA-3220 running PAN-OS 10.2, but have been unsuccessful. I've found that the guide, https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/authentication/configure-multi-factor-authentication

Upgrade on the 1410 Apps failing

We have a new 1410 which has an Active Threat Prevention license and running on 11.0.2-h10. We are trying to upgrade to 11.1.6-h3. 

When I tried to update the apps, to  I am getting the error panupv2-all-apps-8953-9331. Does it need an earlier upda

Hardware Refresh from 820 to 445, able to copy config from 820 into 445?

I need to refresh an 820 to a 445 then another pair of 820s in HA to a pair of 445 in HA. Using on the box for management, no Panorama.  Can I take the configuration from the 820s and load it into the 445s? 820 are currently on 10.1.14-h8. If not, if

Well knows URLs are getting marked as not-resolved and traffic getting blocked in Advanced URL Filtering in PA-450 box

We recently implemented a PA-450 firewall box in the organization and well knows URLs are getting marked as not-resolved and traffic getting blocked in Advanced URL Filtering. Any certain configurations we need to modify to avoid this? Find more info

Many ping drops during failover

We have a setup as shown above and when we do a failover testing (power off the active firewall), we see atleast 15 ping drops when we ping devices from one vlan to another, The vlans are configured as sub-interfaces on the firewall. Switches are ju