About Deepak_K

We are import PA5220 firewall backup ( selecting import shared object)  into Panorama VM , but stucked at 99% since last 48 hours.   If we unselect import shared object , job is completing in minutes. But while selecting shared object option its taking time. There are 16000 objects in PA5220 firewall.  What could be the reason for slowness in import job ? Is it because of object counts or Panorama resource ? ... View more

We are using proxy solution for url filtering for which we have deployed ipsec tunnel with cloud proxy server. If we are filtering ACC report for interface and zone we are not able to get proper utilization report. Hence we are trying to export report for tunnel interface as we can see in pan chrome tunnel interface runtime bandwidth is 30 mb upload and 50 mb download.   Is there any alternative way  ?     ... View more

Can we integrate clearpass as a radius server for Global Protect 2FA ? ... View more

We are using standalone M-200 for 5 locations firewall and created collector group with single local log collector of M200.   We are deploying our new M-200 at another location and it will be in HA with our existing M-200. This new M-200 will be Active-Secondary panorama and we will add local log collector of it in existing collector group.   So in existing collector group there will be one local log collectors of each M-200.    Q. If we add secondary peer local log collector in collector group , is there any impact on stored logs ?     ... View more

CVE-2021-3031 PAN-OS: Information exposure in Ethernet data frame construction (Etherleak) Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001.   https://security.paloaltonetworks.com/CVE-2021-3031   Workarounds and Mitigations There is no workaround to prevent the information leak in the Ethernet packets; however, restricting access to the networks mitigates the risk of this issue.   This issue fixed in latest software versions , but we need some workaround.   Can we restrict data plane interface access of NGFW as workaround for this security advisory. ... View more

We want list of users of particular group who are connecting Global protect. Reason behind this requirement is to get number of users from particular group who are connecting GP. So accordingly we can purchase the licence for 2FA from third party vendor. We have added multiple groups for GP authentication , if 100 users in HOD group and from them only 50 users connecting GP. We want list of those 50 users. ... View more

We tried with the mentioned steps and enabled the recording following below recommendation: 1. Sign in to the AWS Management Console 2. Select the specific region from the top down, for which the alert is generated 3. Navigate to service 'Config' from the 'Services' dropdown. If AWS Config set up exists, a. Go to Settings b. Click on 'Turn On' button under 'Recording is Off' section, c. provide required information for bucket and role with proper permission If AWS Config set up doesn't exist a. Click on 'Get Started' b. For Step 1, Tick the check box for 'Record all resources supported in this region' under section 'Resource types to record' c. Under section 'Amazon S3 bucket', select bucket with permission to Config services d. Under section 'AWS Config role', select a role with permission to Config services e. Click on 'Next' f. For Step 2, Select required rule and click on 'Next' otherwise click on 'Skip' g. For Step 3, Review the created 'Settings' and click on 'Confirm'        Anyone facing this issue ? ... View more

Multiple logs are generated for LACP on passive firewall , but not sure whether this event generated due to layer 1 issue or config issue at switch end. We never faced this king of issue , this log are generated all of a sudden on passive firewall.  Looking for exact meaning for below events . PFA image 1. Link-down 2. nego-fail 3. lacp-up   there is link-down event on firewall which can be physical port issue , but also nego-fail event also generated for same port so not sure whether the port was down or issue in lacp. This event is occurred 3 times on all interfaces of firewall (eth1 - eth12) , but nego-fail event occurred only for eth1/5 in first occurrence and on eth1/13 on second occurrence. Due to this behavior not able to find exact issue.  ... View more

We are going to configure Active-Passive HA for PA3250. Primary and secondary device both at different locations , distance - 25 Kilometer. Location A ( Primary FW) --- L2 switch -------------P2P link 60 Mbps-------------------------L2 Switch -------Location B ( Secondary FW) For above scenario , can we use common P2P link for HA1 and HA2 ? We will use non-overlapping subnet for HA1 and HA2 connectivity .  Which HA timer setting need to check for heartbeat and ping ? How we can check ms or ping response between primary and secondary firewall for HA1 and HA2 interface?     ... View more