This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About Fariq_Zaidi

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Fariq_Zaidi
‎12-01-2025
since ‎06-28-2022
L3 Networker
User Activity
User Profile
Latest posts by Fariq_Zaidi
View All
User Badges
Community Statistics
Member Since ‎06-28-2022 11:06 PM
Date Last Visited ‎12-01-2025 11:30 PM
Posts 96
Total Likes Received 7

Global Protect have issue after firewall upgrade to 10.2.6

by in General Topics
‎11-19-2023 11:54 PM
‎11-19-2023 11:54 PM
Hi,   Yesterday we upgrade Pan-OS version from 9.1.13 to 10.2.6. GP version on 5.2.12.    Now we have issue with GP as we have difficulties to connect the Gateway with error Cookie expired/Authentication failed We can confirm the Radius server is reachable we can ping it from the firewall. There were no changes made on the firewall except upgrade OS.   We use  two RA-VPN profiles one uses Duo as Auth service and the other uses certificates they are both having issues .   kindly please advise, should i downgrade the Pan OS or upgrade GP version ? but to which version ?   Thank you    ... View more

Vulnerability Assessment against Panorama found two vulnerability

by in Panorama Discussions
‎11-16-2023 01:06 AM
‎11-16-2023 01:06 AM
Hi Support,   Recently we have Vulnerability Assessment and found two vulnerability on Panorama   1. “The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS) on Port 28443 2.“SSL Certificate Cannot Be Trusted” for port 28270. How can we remediate on both vulnerability above?   Any advise and solution much appreciated  Thank you  Regards Fariq ... View more

Re: TCP SYN with data attack block by the firewall but increase the latency of data traffic

by in General Topics
‎11-15-2023 08:13 PM
‎11-15-2023 08:13 PM
Hi Reaper,   In the ICMP , showing the latency during the event happen and consist with the logs tcp sync with data has been drop.  That why we concern if this the cause the latency happen.   i attach the show running resource monitor and session info (Doc log)  and Yes we have enable the packet buffer.   Thank you     ... View more

TCP SYN with data attack block by the firewall but increase the latency of data traffic

by in General Topics
‎11-14-2023 11:58 PM
‎11-14-2023 11:58 PM
Hi Support,   We recently notice have latency in our network , when we investigate found a lot threat logs from TCP SYN with data has been block by firewall as we have DDOS protection.   My question is below: 1. does this attack affect the performance of the firewall resources?  2. Do we have a setting that can drop the threat without consume the resource of firewall? 3. In addition, is there a best case recommendation for securing untrust zones?   Thank you ... View more

PAN-229942 fix version 10.1.12 and 11.2.0 release estimation date

by in General Topics
‎11-12-2023 10:57 PM
‎11-12-2023 10:57 PM
Hi Support,   we recently upgrade PAN-OS version 10.1.10-h1 but encounter issue error message "timed out while getting config lock" then we have confirm with Palo alto TAC engineering team that this issue cause by bug PAN-229942 and the fix version PAN-OS version 10.1.12, 11.2.0. but not sure the date of the release yet.   Kindly please let us know the estimation date of the new PAN-OS release date as we plan sort this issue end of December.   Thank you ... View more

Re: PA Firewall VM series | interface suddenly goes down

by in General Topics
‎10-18-2023 06:10 PM
‎10-18-2023 06:10 PM
Hi Liviu,   PAN-219643 : https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-11-known-and-addressed-issues/pan-os-10-1-11-addressed-issues   Regards Fariq ... View more

Re: SD WAN policy did not working after upgrade PAN-OS

by in General Topics
‎10-13-2023 12:25 AM
1 Kudo
‎10-13-2023 12:25 AM
1 Kudo
Hi support ,   after upgrade, the Sd wan policy not working for both firewall , the workaround is we have to restart the firewall to it working again   it this normal?    thank you   regards Fariq   ... View more

Deploy Velocloud VCE to connect existing Palo device in AWS

by in General Topics
‎10-13-2023 12:11 AM
‎10-13-2023 12:11 AM
Hi Support    we try to add new interface on AWS VPC for palo alto firewall.    we using this kb as guide: https://docs.paloaltonetworks.com/vm-series/10-1/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/vm-series-integration-with-gateway-load-balancer/integrate-the-vm-series-with-an-aws-gateway-load-balancer/associate-a-vpc-endpoint-with-a-vm-series-interface   but we stuck on step 2 because we enter command > request plugins vm_series aws gwlb associate vpc-endpoint <vpce-id> interface <subinterface>  is not showing or work   it is because the firewall PAN-OS version in 8.1 cause this issue?   Thank you ... View more

SD WAN policy did not working after upgrade PAN-OS

by in General Topics
‎10-12-2023 02:38 AM
1 Kudo
‎10-12-2023 02:38 AM
1 Kudo
Hi Team,   I have a PA-850 in HA , recently we have upgrade the PAN-OS firewall from 10.1.10 to 10.1.11 and managed by Panorama.   and then we check and found out the SDWAN policy is not working anymore. Before upgrade it's working fine. i have upload the primary non working of the SD wan Policy.   There's no error message in GUI i tried to shutdown the Balifiber Interface (DHCP Client ISP) and then reboot the secondary gateway only (for testing purposes), and for now secondary gateway is back to normal    It seems like any bugs related to SDwan and Dynamic IP from ISP Provider.   Kindly please advise how to check and is there permanent  fix or workaround for this issue. Thank you  Regards Fariq           ... View more

Re: Migrate to PA firewall cause WIFI roaming issue

by in General Topics
‎09-26-2023 02:04 AM
‎09-26-2023 02:04 AM
Hi Tom    Thank you for input.   1. how are both your AP connected in relation to the firewall? do they 'join' in the middle on a switch or are they plugged into their own respective port on the firewall? -- The AP is connected to the switch but not directly into firewall port. They connected to the switch that had another uplink until their packet arrived at firewall. Maybe we can call it ' join' in the midlle ? 2. does the user retain the same IP when hopping AP? -- yes, the user retain the same IP when hopping AP   3. i am collecting the packet diag but Should the x.x.x.x filled with my AP ip subnet ? for example 192.168.24.0 ? Thank you  Fariq   ... View more

Migrate to PA firewall cause WIFI roaming issue

by in General Topics
‎09-17-2023 07:29 PM
‎09-17-2023 07:29 PM
Hi Support, We just recently migrate the PA Firewall from cisco firewall. PA Firewall will act as gateway and provide DHCP. however we counter issue with roaming WIFI where client connected to AP A and change location to AP B without disconnect causing loss internet connection. We don't see any drop at all in firewall logs. so we not sure how to troubleshoot this.  as previously cisco firewall is working fine with WIFI roaming.  The WLC and AP we use Ruckus vendor (virtual smartZone)   Any idea, or experience on similar issue much appreciate if you can share with us.   Thank you     ... View more

Re: 'HA Group 1: Running configuration not synchronized after failure'

by in General Topics
‎08-29-2023 02:19 AM
‎08-29-2023 02:19 AM
Hi Myky, Did the issue re-occur?  Did you have open to TAC and what the solution? For now workaround is to manually sync from Panorama to firewall but we don’t want to do always. This will not be the best practice.   if have the solution can you share ?   Thank you   Regards Fariq   ... View more

SD -WAN Tunnel Being Down and Up Frequently

by in Prisma SD-WAN Discussions
‎08-28-2023 12:01 AM
‎08-28-2023 12:01 AM
Hi Support,   I need some advise on this SD-WAN tunnel being down and up frequently. How to troubleshoot and potential cause on it. It was suddenly happen without any changes has been done on firewall.   Model: PA-820 Version: 10.1.6-h6   I attach the system logs that showing repeated interface and tunnel down message.   Please assist.   ... View more

Re: Question about Change Behaviour Log Collector PANOS 10

by in General Topics
‎08-23-2023 12:12 AM
‎08-23-2023 12:12 AM
Hi Pavel,   thank you for the information and it very helpful.😀   i have additional question if you can help me to answer it.   Recently, we have tried implementing the solution of using Panorama as a local collector in our lab environment. We have built our lab environment using virtual machine (Panorama VM, Log Collector VM, and Firewall VM) and  we are using Panos 10.1.8-h2.   We conducted several test scenarios: 1. All log collectors are UP. 2. LC1 is down, while the other is UP. 3. LC1 is back UP, and all devices are UP. 4. LC2 is down, while the other is UP. 5. LC2 is back UP, and all devices are UP.   With these scenarios, the obtained results are as follows: 1. When all log collectors are UP, the Firewall sends logs to LC1, and Panorama successfully queries and updates logs. 2. When LC1 is down, the Firewall sends logs to LC2. Panorama successfully queries logs, but the logs are not updating (stuck). 3. When LC1 is back UP, the Firewall resumes sending logs to LC1. Panorama successfully queries logs, and logs update normally. 4. When LC2 is down, the firewall continues to send logs to LC1. Panorama cannot query logs, resulting in a blank log monitor. 5. When LC2 is UP, the firewall still sends logs to LC1, and Panorama successfully queries logs and logs are updating.   Based on these results, I believe they do not align with what we expected, even though Panorama has been added as a local collector.   Is this behaviour is normal? Or is it that the solution cannot be applied in a virtual machine environment?    Thank you ... View more

Question about Change Behaviour Log Collector PANOS 10

by in General Topics
‎08-21-2023 01:13 AM
‎08-21-2023 01:13 AM
Hi Team,   We have some question regarding Log Collector. We want to upgrade all devices from 9.1 to 10.1 because the 9.1 is EoL on end of year. But, after we read the document about changes behaviour on PANOS 1, the log collector need minimum 3 log collector on the collector group (https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-release-notes/pan-os-10-0-release-information/changes-to-default-behavior   On the existing configuration (production), we just have 2 dedicated log collectors on the same collector group.   Is it possible to add the local panorama on the active panorama mgmt server along with dedicated log collectors in the same collector groups? If possible, do you have some pro & cons regarding this configuration?   Thanks and regards,   Fariq ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎12-01-2025 11:30 PM
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks