About TomYoung

Hi @Hash.palo ,   The process is the same.  https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-upgrade/upgrade-pan-os/downgrade-pan-os/downgrade-a-firewall-to-a-previous-feature-release   Thanks,   Tom ... View more

Hi @nevolex ,   That is a good question.  If your person who bought it wants to purchase PANW support and/or subscriptions, they will have to go through the secondary market verification process.  https://www.paloaltonetworks.com/services/support/support-policies/secondary-market-policy   If the device passes the verification, PANW support will probably move the device for them or give instructions how you can do it.   There are steps to decommission a device.  I am not sure if it removes it from the CSP.  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sZZOCA2&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail   So, you have options depending upon what you or the sellee want to do.   Thanks,   Tom ... View more

Hi @A.Cubias ,   First, you will need to determine if there is any remnant Panorama configuration on the NGFW:   show config pushed-shared-policy OR Policies and Objects with a yellow/orange background show config pushed-template OR Network and Device configuration has some green/green-orange gears My guess is the configuration has been imported locally on the NGFWs.  Then should should start from scratch and add the new NGFWs to Panorama.  You can perform the steps below and ignore HA stuff if it is a single firewall.   https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-ha-pair-to-panorama-management   Thanks,   Tom ... View more

Hi @BigPalo ,   Here is the PAN-OS documentation.  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkkfCAA   What probably happened is that your previous servers did not have the patch.  MS announced that this security fix will be built into future releases.  You can find more details by following the 1st URL trail I posted.   Thanks,   Tom ... View more

Hi @atalakeytamkeen ,   "is there a way to manage these routes without adding them one by one in the virtual server static routes?"  You could create summary routes.  For example, if Site2 only has the 1 VPN then you could route RFC1918 traffic (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) over the tunnel and all else would go to the Internet.  You could also create summaries tailored to your specific routes.  ECMP would allow you to load balance the traffic across both circuits if desired.   You could also use a routing protocol.  https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/site-to-site-vpn-quick-configs/site-to-site-vpn-with-ospf. With regard to MPLS, configure OSPF on your trust interface.  On Site1, you may need to redistribute static into OSPF.  In the end, dynamic routing is easier, but it takes a while to get used to it.   "Or can PBF still be used for routing while ECMP handles the Symmetric Return?"  PBF still can be used, but in the end routing is more straightforward and easier to troubleshoot.   Thanks,   Tom ... View more

Hi @BigPalo ,   You may be running into this issue -> https://live.paloaltonetworks.com/t5/general-topics/user-identification-and-winrm-on-http/m-p/481674.   There is no fix to my knowledge for WMI.  For me, configuring WinRM-HTTP or HTTPS was too complicated, and migrating to the Windows User-ID agent was easy.  https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/map-ip-addresses-to-users/configure-user-mapping-using-the-windows-user-id-agent/install-the-windows-based-user-id-agent   Thanks,   Tom ... View more

Hi @A.Khan080721 ,   You should always install the latest Applications and Threats before upgrading PAN-OS.  The software has dependencies in the content update.  The 3rd item in the following doc is "Verify the minimum content release version."  https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-upgrade/upgrade-pan-os/pan-os-upgrade-checklist   https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-upgrade/software-and-content-updates/app-and-threat-content-updates/configure-app-threat-updates   It used to be more clear in the documentation.  Maybe I can't find it.   Thanks,   Tom ... View more

Hi @MarkGorman ,   You would assign the L3 VLAN interface.  It will be configured with your IP address.   Thanks,   Tom ... View more

By the way,   You should be able to have multiple local ASNs with virtual routers (VRs).  You can then enable BGP between the VRs.  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIpCAK   I am going to do this with a customer and report back.  EDIT:  This worked great.  The one neighbor that required a different ASN is peered on a new VR.   Thanks,   Tom ... View more

Hi @psenaphaty ,   I just spoke with a TAC engineer.  He told me the SCM icon is SCM Pro (formerly AIOps Premium) and I should continue to use AIOps for NGFW Free icon to access the free version of SCM.   Thanks,   Tom ... View more

Hi @Mebinbaby ,   That is a good one.  The only possibility that I can think of is that the master key was configured on the active NGFW, but not the passive.  The master key encrypts passwords and is not synced between HA pairs and must be configured locally.  https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/high-availability/reference-ha-synchronization   Since your configuration is safely saved on the active NGFW, you can factory reset the passive.  Configure HA, and sync the configuration again.  You will still need to configure the master key on the passive if it was changed.   Thanks,   Tom ... View more

If it is a FG in L2 mode only for the incident, then fine.  As long as it gets them looking at the machines.  Their most pressing task is to do incident response (IR) on the machines.  If they are arguing for a permanent solution, then they need to refocus on IR. ... View more

Hi @cdcirexx ,   Those domains do not look good.  They do not look like ads.  @OtakarKlier has some good ideas about quarantining those devices.  I would reach out to your SIEM/XDR MSSP for the next steps.   Thanks,   Tom ... View more