About AlexNC

AlexNC · ‎12-27-2022

We've enabled AiOPS and while it does do a great job in putting together a lot of data and also BPA recommendations. We do have some questions in regards to alerts. We have specific Vulnerability, Spyware and so on profiles. Some are explicitly as ALERT-ONLY, or for E-Mail SPAM-GATEWAYS where we only want ALERT for SMTP decoder since our MTA is the security device and not the Palo Alto Firewall. These profiles and other settings trigger a critical or high alert warning in AiOPS We want to except these specific profiles from the process of triggering BPA config alerts but besides snooze and action taken there are no other options. Also it does not specify exactly to which profile we are setting the action. Since is the Alert "URL Profile not configured correctly" and it shows 3 URL Profiles, of which we want to disable the alert for 1 but not the other too. Am I missing something? What is the approach on such things. I don't want to disable the alert for all 3 Profiles that it detected it, just the once that are by design like this. Best regards Alex

AlexNC · ‎12-12-2022

Dear Palo Alto Community Is it just me, or did Palo Alto drop the ball on the new PA-3400 Series, while almost all specs gained an improvement over the old 3200 series. There is the value of Security-Zones that has me deeply confused/puzzled. For the sticker price (whether it is list price or street price). Having a PA3410 with a max of 40 Security-Zones seems completely out of line. Especially compared to the rest of the new PA-x400 lineup. If we look at the old PA-3200 they all have 200 Security-Zones supported and if we look at this comparison. There just seems to be a 0 missing with all PA-3400 firewalls. Now I know in most deployments 40 should be fine. But then again. We are talking a Firewall that can easily be used in deployments where 40 Zones can easily be reached. Not to forget that we always talk about an investment that needs to run for 5+ years in most cases. I hope there is just a 0 missing in the spec sheets. Also according to the spec sheet the PA-3400 series does not have any DoS Protection profile support. And it looks like the performance values for HTTP and appmix are swapped (not sure about that one) Anybody else thinking there is something off? Regards Alex

AlexNC · ‎12-12-2022

If I may add my 2 cent here. While I can agree on the fact that Palo Alto is not aware of what a URL filtering profile is used for. A new category like ransomware should at least be implemented as "alert" for all URL filtering profiles that are detected Palo Alto is all about security. therefore to me as a customer. I would expect such a URL category to be blocked by default, or that I would have to manually enable that new URL category. Now in regards to Encrypted-DNS i see how that might be a more tricky case and I could understand to have it as "Alert" only. But what I would never want from a newly created URL category, to be implemented in my URL Profiles set to "ALLOW" that is by far the worst of them all. Regards Alex

AlexNC · ‎12-08-2022

@lychiang Any update on a Q1-4 for 2023? or maybe even a x-mas present for 2022 still? Will there be a Beta to join? Best regards Alex

AlexNC · ‎04-28-2022

Hi Lychiang In my case I was installing Expedition fresh on a Ubuntu 20.04 (i cannot remember which Expedition version it was initially). Also in my case php7-radius was not installed and after following your instructions I had to run the following command: sudo apache2ctl restart Regards Alex

AlexNC · ‎04-25-2022

Heya We've gotten the following workaround to fix our issue with 10.1.5h1 on Panorama. > Panorama will need to perform a commit fix and apply some transforms using the transform script. Resolution: > Run the following CLI commands to resolve the validation error, 'hip-profiles expected here'. >configure #load config from running-config.xml #commit force << This workaround is by far better then the copy replace in notepad workaround for all the wrong rules. Anyhow, even though the fix is quick and simple. One would wish Palo documentation would be update and well documented for this. Also a hotfix for the hotfix would be appreciated. Best regards Alex

AlexNC · ‎04-08-2022

We are facing the issue now to, after upgrading from 10.1.3 to 10.1.5h1. Downgrade to 10.1.4h4 as suggested would not fix the OpenSSL vulnerability: https://security.paloaltonetworks.com/CVE-2022-0778 From the looks of it, this bug was fixed in 10.5.0: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-5-known-and-addressed-issues/pan-os-10-1-5-addressed-issues# PAN-171869 Fixed an issue where HIP profile objects in Security policies and authentication policies were replaced with source HIP and destination HIP objects. After hitting already lovely bugs with 10.1.3 and 10.1.4 with device tag assigned security rules and dynamic object groups. 10.1.x looks like a bullet proof release of PAN-OS. Regards

AlexNC · ‎03-02-2022

Great to hear, In the meantime we have been told that in our case it will be fixed with 10.1.5 which should come out early march. We've been told to deploy/push 1 Device-Group a time for devices running 10.1.x Regards Alex

AlexNC · ‎02-07-2022

Hey PozsonyiAttila I am facing the same issue as you do. Panorama with 10.1.4h2 and firewalls running 10.1.4 (before when the issue started we had 10.1.3 running). This only happens to the firewalls running 10.1.3/4, all firewalls currently running 10.0.x do not face this issue. what worries me the most, is that one does not see the rules being deleted when doing a push preview before deploying. We have a TAC open and it is also under investigation. This all started with 10.1.3 (which we upgraded because of new PA400 firewalls and log4j fix. We upgraded to 10.1.4h2 by TAC recommendation, which actually made us face the issue with dynamic object groups, which had to be fixed with a creating and deleting a dummy object that uses a tag. Let's hope they soon find the issue for it and provide a fix. Regards Alex

AlexNC · ‎11-29-2021

Hi Did the 1.2.3 version get pulled again? I am also unable to update or manually download the 1.2.3 file (i can do the manual update and download with the 1.2.2 version) regards Alex

AlexNC · ‎11-01-2021

Hi Hebejena How do you mean "if the latest version can do that" do you mean if there is a app-id or a built in way from Palo Alto to cover this use-case with their latest PAN-OS releases? Regards Alex

AlexNC · ‎10-28-2021

@lychiang today I noticed that under Devices it shows for example 3 CSV files ready. When I expand the Device tree to see all devices managed by Panorama in Epxedition, none of the devices show any CSV files. When I select the firewall device that has the 3 CSV files I do see them und M. Learning. Is this a Bug? i can't recall how it was on the old Expedition instance with 16.04 Cheers Alex

AlexNC · ‎10-26-2021

Hello @lychiang thank you for getting back to me and letting me know about it. Looking forward to the fix. Thank you and best regards Alex

AlexNC · ‎10-25-2021

Does that sound like a Bug in expedition or something else wrong with my installation? Cheers Alex

AlexNC · ‎10-20-2021

@lychiang Yes you are correct, of course I had to go to the actual device and not Panorama itself. Regarding the Radius authentication, i got the following error from the log you mentioned: [Thu Oct 20 17:32:35.870372 2021] [:error] [pid 50121] [client CLIENT-IP:55677] PHP Fatal error: Uncaught Error: Call to undefined functio n radius_auth_open() in /var/www/html/userManager/API/auth/login.php:134\nStack trace:\n#0 /var/www/html/bin/Auth.php(168): login('username' , 'password')\n#1 {main}\n thrown in /var/www/html/userManager/API/auth/login.php on line 134, referer: https://expedition.hostname.com/ Thank you for your help and best regards

Member Since	‎03-06-2020 04:57 AM
Date Last Visited
Posts	48
Total Likes Received	13

About AlexNC

Re: Can't Upgrade PAN OS 11.1.2-h4 to 11.1.2-h9

Re: Broken email notifications formatting in version 11.0.1

Re: Broken email notifications formatting in version 11.0.1

Re: Broken email notifications formatting in version 11.0.1

Re: Broken email notifications formatting in version 11.0.1

Re: Broken email notifications formatting in version 11.0.1

Re: Broken email notifications formatting in version 11.0.1

Re: Broken email notifications formatting in version 11.0.1

Re: Broken email notifications formatting in version 11.0.1

Re: Expedition 2.0 release date: Postponed

Re: Broken email notifications formatting in version 11.0.1

Re: Broken email notifications formatting in version 11.0.1

Re: Broken email notifications formatting in version 11.0.1

Re: Palo Alto PA-3400 Series degraded specs vs 3200 Seires

Palo Alto PA-3400 Series degraded specs vs 3200 Seires

Re: Broken email notifications formatting in version 11.0.1

Re: Palo Alto PA-3400 Series degraded specs vs 3200 Seires

Troubleshooting GlobalProtect MTU Issues

AiOPS Alert Management - disable alerts for specific profiles/configuration

Palo Alto PA-3400 Series degraded specs vs 3200 Seires

Re: Nominated Discussion: URL Filtering Profile Set to Allow Ransomware

Re: Expedition 2.0 release date: Postponed

Re: Radius authentication stops working after upgrading Expedition to 1.2.x

Re: Commit Error After Upgrading to 10.0.9

Re: Commit Error After Upgrading to 10.0.9

Re: Panorama - Device TAGs stopped working after upgrade to PAN-OS 10.1.x

Re: Panorama - Device TAGs stopped working after upgrade to PAN-OS 10.1.x

Re: Expedition 1.2.3 Hotfix Information

Re: Custom App for CRL downloads

Re: Expedition 1 on Ubuntu 20.04 Server

Re: Expedition 1 on Ubuntu 20.04 Server

Re: Expedition 1 on Ubuntu 20.04 Server

Re: Expedition 1 on Ubuntu 20.04 Server

Seattle Beta - GlobalProtect (ELK)

Unlock your full community experience!

About AlexNC