This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About Remo

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Remo
‎11-27-2024
since ‎03-20-2013
L7 Applicator
User Activity
User Profile
Latest posts by Remo
View All
User Badges
Community Statistics
Member Since ‎03-20-2013 04:23 AM
Date Last Visited ‎11-27-2024 05:48 AM
Posts 2,240
Total Likes Received 823

Re: Install cortex XDR agent on VMware ESXi

by in General Topics
‎08-27-2023 12:33 AM
2 Kudos
‎08-27-2023 12:33 AM
2 Kudos
The supported operating systems where you can install cortex xdr are listed here: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Where-Can-I-Install-the-Cortex-XDR-Agent   --> on VMware ESXi Host, it is not possible to install cortex xdr ... View more

Re: Using wildcards in a query on the traffic log and in custom reports

by in General Topics
‎08-27-2023 12:29 AM
‎08-27-2023 12:29 AM
Hi @Dat_Phil  No, not yet. In pan-os/panorama you only have the existing filterpossibilities but not wildcard or regex. If you really need that, unfortunately there is no other way than using a third party solution like Splunk to filter for exactly what you need.  Or you can tell us mlre about your specific use case - maybe someone knows a solution to it without buying additional software or using additional tools. ... View more

Re: Choosing the Right Cloud Delivered Security Service for E-commerce Platform

by in General Topics
‎08-27-2023 12:19 AM
‎08-27-2023 12:19 AM
Hi @Andrea-Smith  Asking this question to any number of security engineers will get you almost as much different answers 😋 From what it looks like in your post, at least paloalto probably is the wrong device for you. It is not a waf and cannot effectively protect you from DDoS. DDoS protection you need to get a level above your infrastructure from the internet service provider - or in case of cloud delivered services for example from Microsoft, Amazon or Google. These providers also have WAF services that can be used and there are also many managed service providers that will configure them for you. In other words, simply recommending a service/product to you probably will not solve the issue - then you could simply look at the gartner reports and choose one of the companies there.  ... View more

Re: Issues without using Proxy IDs on IPSEC tunnel

by in General Topics
‎08-27-2023 12:08 AM
‎08-27-2023 12:08 AM
Could you show us the ipsec configurations of both sides? Because the screenshot you showed actually means that there are proxy IDs configured and because of that your firewall is not able to find a matching entry. If the tunnel is only built up in the direction from your customer to you, then your proxy IDs can be empty as your firewall will accept any entry (as long there is only one. If there are more then you will have issues as the tunnel changes over and over). ... View more

Re: Unable to get support

by in General Topics
‎08-27-2023 12:02 AM
‎08-27-2023 12:02 AM
Do you have the account selector at the top of the support portal website to change the account there? Or when you navigate to Products and then assets, is the device you are looking for listed there?  And lastly, did you choose the right categoriy/product for the case, as it might filter already the asstes you are shown depending on this. ... View more

Re: SSL Decryption Certificate Self-Signed vs Public Trusted CA

by in General Topics
‎08-26-2023 11:51 PM
‎08-26-2023 11:51 PM
Hi @Shahlar  Could you show us the public CA certificate you bought? Because I think there is no way to get a public CA certificate that you can use for outbound decryption and the only way to do this is with a locally self signed cert or with a CA cert from an already existing internal CA. Public certificates (no CA certs) you can use for inbound decryption - so to decrypt specific traffic to one or a few webservers (for example with a wildcard certificate).  ... View more

Re: Network Configuration in Cortex XDR

by in General Topics
‎08-26-2023 11:44 PM
1 Kudo
‎08-26-2023 11:44 PM
1 Kudo
 ( "To track and identify assets in your network, you need to define your internal IP address ranges and domain names to enable Cortex XDR to analyze, locate, and display assets." Source: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Network-Configuration ) ... View more

Re: How to know the process in a Firewall that generate Traffic

by in General Topics
‎08-26-2023 11:36 PM
1 Kudo
‎08-26-2023 11:36 PM
1 Kudo
Hi @Oscarresendiz  Behind this IP it does not look like that there is very much useful things behind it. At least when you check virustotal for it ( https://www.virustotal.com/gui/ip-address/5.5.5.5/relations ). In addition to the things to check mentionned by @JayGolf, which application do you see in the logs and are there bytes received?    ... View more

Re: External DNS resolution for specific domains

by in General Topics
‎07-03-2022 09:53 AM
‎07-03-2022 09:53 AM
Hi @StuartS  If you only add the entries you need to your internal DNS, why or which connections will be broken by this?  If you only need a few entries, then NAT seems to me like a good solution - if everything is passing your firewall, then I think you don't even need to mess with static DNS entries for this. ... or I don't understand your issue correctly 😛 ... View more

Re: Remove Multiple Saved Config files from CLI?

by in General Topics
‎07-03-2022 08:00 AM
‎07-03-2022 08:00 AM
Hi @brucegarlock  What PAN-OS version you you have installed? Sounds like a very strange bug. You have the option with creating a little script that fetches the filenames and then sends a delete command over the api for each file. Or you list all the filenames in a cli session, take this list into a texteditor and then add the required commands for the file deletion. This list with all the delete commands you then paste into the cli session and all files will be deleted. ... View more

Re: Global protect enforcer and public wifi captive portal

by in General Topics
‎07-03-2022 06:01 AM
‎07-03-2022 06:01 AM
Hi @CI-larles  Do the same users get different results in the same wifi networks or are there different networks with different results? What error do the users see that you mentionned? Is it only right at the time when they connect to the network and after a few seconds it may be works with accessing the captive portal? In the past I had quite a few issues with such situations and mainly with the enforcer, but actually so far with the latest versions of GP 5.2 it works pretty good. So if you could add some more details, that would be helpful. ... View more

Re: FTP Inbound Decrypt Issues

by in General Topics
‎07-03-2022 05:52 AM
‎07-03-2022 05:52 AM
Hi @jsalmans  What was the last version when it was working? How does the decryption profile and rule look like that you cobfigured? How did you prepare the certificate file that you used for the inbound decryption? According to the error message you placed the intermediate certificate authority file at the wrong location in the file. Are there any decryption errors in the log on the paloalto firewall? What did TAC do so far with troubleshooting and whar were the results? I think this issue should be solvable but I need some more information and more details about the steps taken and current config. ... View more

Re: Open Now! Join the Discussion: LIVEcommunity Cyber Elite Experts

by in Ask Me Anything (AMA) Event Discussions
‎06-30-2022 01:14 PM
1 Kudo
‎06-30-2022 01:14 PM
1 Kudo
Hi @PavelK    That's a tough one. So ... Wherever possible I would use VM series firewalls for the segmentation. You simply have more flexibility with the sw based approach than with hw. In case you need more throughput you simply extend the HA to a HA cluster with up to 16 nodes per cluster. Of course if you need 100G throughput for single sessions, then there is no other option than the big HW firewalls from paloalto. For a recommendation for the rest of the situation I would need some more information. As there are quite a few locations with different MPLS lines, I assume there is no additional internet access at these locations and all traffic including internet traffic needs to go to HQ. This makes it easier as you have less firewalls to control. Also here it really depends on the security requirements of the company. From routing all locations together up to separate even different subnets at these locations there are more than one recommended setups - it all depends on the budget and the security requirements. Regarding the different business units: if there are such different units I would make sure that their systems are located behind dedicated firewalls so unit a will not have access to unit b. In order to keep at least some control I would recommend to use panorama with pre rules and the units only have access to post rules or only rules local on the firewall. With that you at least have aome control with a company policy. At least on prem I would go the "old" way with the network segmentation and not do micro segmentation as I think in a lot of cases there is no need to have everything sent over a firewall. Of course it is also for blocking connection as near as possible to the source systems but this can be done easily with the host firewalls or with Cortex XDR which has even way more advantages regarding the security standard in your network.   With more informations about the requirements the answer might be better if you ask the live community but this can be time-intense for the ones that reply to queations here - but we are all in this together and happy if we can help. I hope you are not disappointed with the answer.   Cherrs, Remo ... View more

Re: The PA-3020 in the HA pair cannot automatically run dynamic updates.

by in General Topics
‎04-21-2022 10:05 PM
1 Kudo
‎04-21-2022 10:05 PM
1 Kudo
Hi @DevonFan  In this case probably your disk is full. Try to remove the old content updates and also PAN-OS images. Here you can find some more information about cleaning the root partition: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaJCAS ... View more

Re: The PA-3020 in the HA pair cannot automatically run dynamic updates.

by in General Topics
‎04-21-2022 02:26 PM
1 Kudo
‎04-21-2022 02:26 PM
1 Kudo
I recommend the same as @TomYoung : disable the sync-to-peer option and your problem should be solved. In order to have the updates installed as soon as possible, think about changing the update values to checks more often. Mainly the antivirus update foe the case when it is released at another time than normal. I do also the same for the apps and threats updates, but I configured a threshold to avoid problems with bugs in these updates. Only in situations of emergency updates or when important vulnerability signatures are released, I install the update manually prior to the threshold time specified. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎11-27-2024 05:48 AM
Likes Given To
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks