About Miroslaw_Iwanowski

Hi   Hi @Miroslaw_Iwanowski    I am not sure why you would have been ignored, but if you sign up to download the Cortex XSOAR then you will get the trial version (without the limitations on reporting and commands in one day) after the 60 (I think it is) period it will revert to the community edition, this has a limit 166 commands in one day and the reporting is severely limited, other than that it is pretty much fully functional, threat feeds are limited to 100 objects though so they are more for practise and eval than anything else.   Hope this helps ... View more

@Miroslaw_Iwanowski wrote: Hello, We had an issue of some computers getting disconnected status in XDR. In Lansweeper the status of  XDR was disabled. After a long discussion with local support we came out with a nice procedure that allows to reconnect those client without reinstallation.   Assume we have a laptop lt00666 with a XDR client installed but disconnected from XDR console.   Open a command line to swclt00666 using Sysinternaltools tool psexec64 Psexec64.exe \\swclt00666 cmd   Move to XDR client dir cd c:\Program Files\Palo Alto Networks\Traps   Get XDR client info   c:\Program Files\Palo Alto Networks\Traps>cytool.exe enum Process ID      Agent Version 1072            7.2.1.2718   Go to your XDR console and display Agent Installations   Make sure you have package ID enabled in default view   Copy ID for XDR version of the disconnected station - it will be long alphanumeric string (it is good to have it prepared for most common version you use so you do not have to look up at the console)   Issue a command to reconnect device to our XDR server (this is one line) c:\Program Files\Palo Alto Networks\Traps>cytool reconnect force [omitted]   There will be no prompt displayed and you have to enter (paste) uninstallation password. After you enter it and press enter the device will display:   Enter supervisor password:   c:\Program Files\Palo Alto Networks\Traps>   The laptop should already be visible in console. Upgrade to latest version and it is finished.   Procedure works very nice for us and I hope that it will save some time for the community also. Hi @Miroslaw_Iwanowski ,   Thank you for posting your clever reconnection solution using psexec!   If I were to make a recommendation, I would omit the trailing tenant ID mentioned after the "cytool reconnect force" command as it is sensitive information unique to your XDR tenant. ... View more

Hi @Miroslaw_Iwanowski ,   Here for IPSEC-A as well as IPSEC-B (post DNAT), the destination is going to be from 10.1.6.x so anyhow it is going to match the static route which will have lowest matric. And in your case, it seems to be IPSEC-A tunnel interface. So in both cases, it will match IPSEC-A tunnel interface and firewall will forward traffic accordingly. Also it seems you have same set of source segment who need access to those resources otherwise PBF would be the option in case you have different source IP addresses accessing same destinations. ... View more

@NavigantNetworkteam  Please refer the following document for determining the precedence order while using split-tunnel rules.   https://docs.paloaltonetworks.com/globalprotect/10-0/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways.html   Regards, Varun ... View more

Hi @Miroslaw_Iwanowski ,   To get confirmation on a bug please reach out to support.   Cheers, -Kiwi.   ... View more