About Fariq_Zaidi

Hi All,   We like to have clarification regarding the current threat protection capabilities of Palo Alto Networks firewalls against LockBit 5.0 ransomware, which has been reported as a newly emerging variant around September 2025. Upon reviewing the ThreatVault database, we found several existing threat signatures related to LockBit (e.g., Trojan/Win32.lockbit.dp, LockBit Ransomware Powershell Script File Detection, DNS-based signatures, etc.). However, these signatures appear to have been released prior to September 2025, with the latest update we observed dated 21 January 2025. This indicates that they likely correspond to earlier variants of LockBit (e.g., v2.0 / v3.0 / v4.0).   We would like to seek clarification on the following: Has Palo Alto released any specific signatures or advanced threat protection updates that cover LockBit 5.0? If not yet available, can existing protection mechanisms such as behavior-based detection (WildFire), Advanced Threat Prevention, or IPS/AV coverage effectively block LockBit 5.0-related activities? Is there an estimated timeline for when a signature or content update specific to LockBit 5.0 will be available in ThreatVault? Are there recommended configuration best practices (e.g., security profile settings, file blocking policies, Zero Trust segmentation) to enhance protection against this new ransomware variant while awaiting an official signature? thank you ... View more

Hi All,   i am bit confuses how the fixed PAN-OS version information works   for example  11.1.10-h1 can PAN-293673. Since PAN-293673 was already fixed in 11.1.6-h7 (which is lower than 11.1.10-h1), does that mean a higher version automatically includes fixes for known issues from lower versions, right?   If so, that’s what confuses me: if PAN-293673 was fixed in 11.1.6-h7, why does it appear again as a known issue in 11.1.10 and only get fixed in 11.1.10-h4? This is confusing to me. can anyone help explain this ? Thank you ... View more

Hi All,   i would like to know the ETA of the PAN-OS 11.2.8 as per last PA TAC mention that the 11.2.8 tentative release date of june 25    but so far no info of the release yet    this is to fix for GUI display issue with SAML SLO url.   thank you ... View more

Hi All,   I have HA firewall PA1 and P2. PA1 is fine but on PA2 having this issue with failed installation antivirus.   although it failed for the 1st minutes and PA2 success on 2nd minutes   i need to know or some explanation why its failed on the first place.   any advise or suggestion are very much appreciated    i share the below system logs     Thank you   ... View more

Hi all,   GP version 6.2.2 Machine: MAC OS   When user log in to GlobalProtect on a Mac for the first time, i can enter user1 to log in normally. However, when  restart the computer and log in again, i find that the user account has been locked and is displayed as user1 and cannot be modified. we can only enter the password, so the login will fail. When I logged into the firewall to check the status, I found that the user account was logged in. Therefore, I judged that the cookie timeout might have not expired, causing this situation. Is there a way to clear the gp client settings for Mac devices?   or any other advise to fix this problem   Thank you   ... View more

Hi    I got an alert from AIOPs that one of our Log Collectors has left the Collector Group in Panorama. But after we checked in Panorama both Log Collectors are still in the Collector Group. 1. Why does the alert from AIOPs state that one of the Log Collectors is disconnected? 2. is it because of configure in a non-redundant mode? if so, this config has been existing for a long time but why did the alert just appear?   any good explanation or how to check or troubleshoot this kind of alert   thank you ... View more

Hi All, We onboarded the 1 pair of Palo Alto firewalls into panorama. It is successfully onboard. New Template stack pushed successfully to firewall. But the device group was failed with “Error: Number of address group(x) exceeds platform capacity(xx)”.   Based on Palo Alto solution is to disable "Share Unused Address and Service Objects with Devices" to prevent the unnecessary sharing of unused service objects on the devices in panorama. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm0DCAS   Since already existing  firewalls integrated with Panorama, if we disable this option what will be the impact.   Thank you ... View more

Hi All,   We are currently experiencing an issue where mobile devices connected to Global Protect VPN are unable to receive internal emails. This problem has been observed specifically on iOS18.2, while it works fine on android devices and other iOS versions. We tested this issue on iOS18.1, and it worked as expected. However, after upgrading the same device to iOS18.2, new emails stopped coming in (Only receive new calendar invites). Could this be an incompatibility issue between Global Protect and iOS?   any official document , workaround or fix version on GP Palo side?  Global Protect Version: 6.1.6-731 IOS18.2     ... View more

Hi All,   if there's a way how to reduce or minimize the log size sent to the syslog server?   if any KB / document / best practice how to reduce logs to sent to syslog server   Thank you     ... View more

HI ,   we just recently upgrade our panorama VM active and passive to 11.1.4-h1 version and upgrade successfully   However, we found it weird that on secondary panorama , software status showing blank, null and unknown on the installed version as show in picture   Has anyone have any explanation or KB why it showing like that on passive panorama?   thank you ... View more

Hi ,   in show system logdb-quota as per screenshot   i found something weird information   As you can see, the system log is have max allocated 12.91GB, but why actual disk usage for system logs can be reach 61GB ?   Can anyone know and explain about this ?   thank you         ... View more