PAN-OS 8.0 depletes CVE information from old XPATH For 8.0.4 onward, please use new XPATH in op command. type=op&cmd=<show><predefined><xpath>/predefined/threats/vulnerability</xpath> Example of working output <response status="success"><result><vulnerability> <entry name="35931" p="yes"> <threatname>HP Data Protector OmniInet Opcode Buffer Overflow Vulnerability</threatname> <cve xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance "> <member>CVE-2011-1865</member> </cve> <category>overflow</category> <severity>high</severity> <affected-host> <server>yes</server> </affected-host> <default-action>alert</default-action> </entry> ....
... View more
Up until the time of writing this (PAN-OS 6.1.1, GP 2.1.1) neither GP client nor Portal are unable to change the password for the user. Typically customer with this type of requirement for password expiration would rely on external authentication like Active Directory and use that channel for change password. The most offering we have at the moment is when integrating authentication with Microsoft AD, GlobalProtect, if configured, will be able to give a "warning" that password will soon to be expired. To be cleared, this is just a display notification for customer to change their AD password via other method (Windows change password, Outlook OWA webmail, etc) but not by GlobalProtect. this option of warning is also not available for local user authentication. Password Expiry Warning on the GlobalProtect Client
... View more