How check NGFW valid for April 2024 Cert Advisory

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

How check NGFW valid for April 2024 Cert Advisory

L0 Member

Regarding the Certificate advisory for April 2024 and November 2024, if doing option 1, have content update and doing a reboot.

This being good enough for the April 2024 deadline. How can you verify on the Panorama or NGFW that you are valid?  The commands in the advisory FAQ 9, only work if you do Option 2 and upgrade to the recommended hotfix.

If there is no method for the user to verify they can safely pass the April 2024 deadline, then i would assume you would have to call TAC to go into root to confirm that your NGFW is patched to pass the April 2024 deadline, otherwise its wishful thinking the day after April 7, 2024

1 accepted solution

Accepted Solutions

L4 Transporter

Hello @RussellYan - if you're taking Option 1, being the content update and reboot, there is no specific command that you can use to confirm you've completed remediation.  As you've correctly identified, this new command is available after a hotfix or upgrade per Option 2. 

 

The best advice I can give is that you should check to see that the most recent reboot time is more recent than the installation time of the content update.  

Iain Robertson
Senior Customer Success Engineer, NGFW, Palo Alto Networks

View solution in original post

3 REPLIES 3

L4 Transporter

Hello @RussellYan - if you're taking Option 1, being the content update and reboot, there is no specific command that you can use to confirm you've completed remediation.  As you've correctly identified, this new command is available after a hotfix or upgrade per Option 2. 

 

The best advice I can give is that you should check to see that the most recent reboot time is more recent than the installation time of the content update.  

Iain Robertson
Senior Customer Success Engineer, NGFW, Palo Alto Networks

L0 Member

Thank you lain. Am i to also assume, a TAC engineer with root access would also NOT be able to confirm before (remediation is installed besides the Content Version number) or after a reboot, that i have the remediation activated?

Russ

Hi @RussellYan - I can't confirm that I'm afraid, I'm not aware of any commands that TAC might be able to run to validate.  In turn it would be safer to assume there exists no such commands. 

Iain Robertson
Senior Customer Success Engineer, NGFW, Palo Alto Networks
  • 1 accepted solution
  • 954 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!