About Carracido

Dear community!   I´m seeing in the interfaces the "rcv_fifo_overrun" counter increasing quite a lot and I´d like to find out what´s the root cause. Is there a reliable way to verify in the firewall if the reason of this counter to increase is some bursty traffic or anything else?   Thank you! ... View more

Dear community!   We are having some traffic issues when globalprotect and F5-Edge client run together. When established a VPN with both clients at the same time, there´s some traffic not properly routed through the the GP virtual interface, the same traffic works fine when connected only to globalprotect. Access routes for globalprotect is 0.0.0.0/0   I know there are some VPN clients that won´t work well together. Do you know if this is the case of globalprotect? We need both VPN connections at the same time for different purposes.     Thank you!  ... View more

Dear community!   We are sending logs to cortex data lake and we noticed high traffic volume for the sessions concerning log forwarding, with peaks up to 200GB of data sent.    Do you know if this volume of traffic can be normal? Also, is there any documentation on how logs are being sent to CDL or how would you troubleshoot this issue?   Thank you in advance!       ... View more

Dear community,   We are trying to push for the first time the DG and we get following commit error:  Number of address groups XXX exceeds platform capacity XXX   We followed the suggestions in link down below of disabling "Share Unused Address and Service Objects with Devices" but still the same issue.   https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm0DCAS   We run Pan-Os 10.0.6   Any idea on how to fix it?    Thank you!       ... View more

Dear community!   From time to time one of our firewalls stops forwarding logs to Panorama. We stop/start the log forwarding process as suggested in this link: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFCCA0   We are the reasons that could cause the Panorama to lose track of the sequence number of the logs being forwarded only from the same firewall and not from everyone else?    Thank you!   ... View more

Hello community!   Do you know whether it´s possible in Cortext XDR Pro to build a query to Search For Password Files ?   Many thanks! ... View more

Dear community,   After upgrading Panorama to Pan-Os 10.1 we get the following system log daily: "Auto mongo backup: Failed to backup database 'pan_ms' collection 'msak':"   Any idea what is this error about and how to "silence" it?   Many thanks in advance! ... View more

Hi Community,   I have the following scenario: user_1/password_1 Active Directory credentials for login into windows system and domain user_2/password_2 Active Directory credentials only for globalprotect authentication.   I´d like to know if there is a way to change the password_2 for user_2 through the GP agent application?   Thank you!      ... View more

Dear community,   We have a firewall with multi-vsys and the following scenario:  1 shared gateway and 1 public IP on external zone  1 virtual system and 1 private IP on internal zone   We configured DNAT to allow access to private IP from Internet following this article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHxCAK   Observations to this configuration: - Our "inbound web" security policy worked allowing only the internal IP and not including the public one. # Question_1: is this because the vsys receives the traffic after DNAT from SG and only private IP is visible here?   - on the traffic log the destination IP shows the pre-NAT IP which is the public one with source zone = untrust_SG and destination zone = trust_vsys. # Question_2: How it is possible that the traffic log is showing as source zone the untrust-SG if no security policy is used on the shared gateway? It seems that this log shows transparently the trace from external zone of Shared gateway to the internal zone of vsys.     Thank you!   ... View more

Dear community,   For some of the XDR agents there´s a version mismatch between the software installed on the endpoint and the one displayed on the console in the cloud.   Example: I installed 7.1 and the agent´s window is showing the right version but in the console in the cloud the agent version for this endpoint is showing 7.2. Does anyone else have the same issue?   The agent is checked-in with the cloud and there´re no any operational issue.   Thank you!   ... View more

Dear community,   I´m currently facing this challengue: Do you know whether it´s possible to have captive portal working for https traffic without using SSL decryption?   This requirement is not clear in the admin guide but I understand it is according the the article below: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClevCAC   Due to some internal policies deploying SSL decryption wouldn´t be feasible so I´d really appreciate your answers on this topic.   Thank you! ... View more

Dear community,   We´ve configured a couple of external dynamic list (IP and URL) on a local minemeld server and the passive device fails to fetch those lists.   Error obtained is: "Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh."   Manually forcing the firewall to download the list then it works ok.   Service route for External Dynamic Lists and Palo Alto Networks Services service routes are not set, then use MGT interface to fetch the EDLs.   When device becomes active then EDL refresh job completes without issues.   + Question: Do you know whehter it´s expected behavior the passive device not fetching EDLs?   Thank you! ... View more