LIVEcommunity | Palo Alto Networks

XSIAM Pending Playbooks

In XSIAM, how can I determine (query ?) the current total number of playbooks with a playbook run status of "Pending" via an XSIAM command or XSIAM API, as opposed to filtering in UI ? The use case is to be "proactively" notified (via workflow or job) if the total number is at, or over, a specific threshold. Thank You --

Panroma using public ip

Hi, we are using multiple paloalto firewall .To manage centrally we are using panorma .But current configuration working through site to site vpn . Can we established the connectivity through internet .It will help us even if the site to site vpn is disconnected. Is it possible in Panorma ?

Invalid configuration in TSF

Hello team:Do you know why, when generating a BPA report, it returns the following error: "Invalid configuration in TSF."Regards.

ION 3102V BGP issue

In ION 3102v, BGP doesn't come with core peering and all configuration seems ok. other ION 3102v have similar. Device has been re-configured after rebooting the device but still same status. Software version - 6.4.2-b16 configuration but the problematic ION show message - ION-3102v#dumo routing peer status BGP Peer IP : X.X.X.X% BGP instance n...

Triage process to eliminate endpoint issues prior to Prisma Access queries

Has anybody come across or developed a triaging (L1/L2) process to eliminate endpoint issues before submitting Prisma SASE (PA and Prism SDWAN) to support?. It is important for customers, provisioned with Prisma SASE to be efficient and effective before submitting ticket to MSSP. This document may be of great value to PA customers. Thank you

Add Palo alto HA (existing config) in Panorama. Doubts..

Hi, I need to add a cluster A/P FWs in Panorama. I was checking this useful link: https://www.mbtechtalker.com/migrate-a-ha-pair-of-pan-firewalls-to-panorama-management-2/ and videos on internet. I have everything under control, but I'm a little concerned about if its necessary in any point to enable the "force template value" option at some...

Resolved! Panorama Rest API - Add ae subinterface

Hello everyone! I am planning to create around 200 new subnets on my firewall managed by Panorama template. We plan to restructure our network. I want to do this via the Rest API of Panorama. I was able to create a ae interface via the API, no problem. But I cannot create subinterfaces for this ae interface. We are running Panorama 10.1.3-h1. ...

Tunnel Traffic from ISP2 IP Working Despite Default Route on ISP1 – Need Insights?

Hi Team, 🔁 Scenario Summary for Asymmetric routing Primary ISP (ISP1): Default route with lower metric (10), so all traffic prefers this path.Secondary ISP (ISP2): In Firewall, I manually initiate traffic using ping source <ISP2 IP> host 8.8.8.8.Routing Table: Since 8.8.8.8 is unknown, the firewall uses the default route — which points ...

Portal Auth v Gateway Auth

Hello everyone, I have read countless Palo documents and forums but still a little unclear on the above. I'm hoping someone can clear this up for me. The environment I am referring to is Global Protect / Strata Cloud Manager. Under workflows/ prisma access setup / global protect - On that screen under the infrastructure tab we have "User Aut...

Concerns of Firewall 5250 dropping packets and enabled DSRI (Disable Server Respponse Inspection) relieve issues for a few hours but came back

Good evening, Working with one of the top Microsoft engineers today who performed numerous wireshark traces regarding huge concerns that Palo Alto Firewall 5250 firewall was dropping packets. Identified exact time and sequence as well as size of packets and sequence being lost in transit. Noticed over tens of thousands of these re-transmits ...

After the Cortex XDR agent is installed, there is a volume shadow copy issue on the endpoint.

The VSS service on the endpoint is configured with a startup type set to Automatic. VSS operates normally until the Cortex XDR agent is installed. However, after the agent is installed for the first time, VSS fails to stay active despite its automatic startup setting. When manually started, the service repeatedly disables and re-enables itself. ...

Anyone has experience working with Public Certificate and OpenSSL for Palo Alto SSL/TLS Service Profile

Dear all, I have a certificate issued by the CA. Now this certificate is for Palo Alto machine at a customer site. We don’t have access to those devices. Now the manager asked to me first use OpenSSL tool to generate a Private key and test the certificate for SSL/TLS service profile on our own device and make sure the certificate is worki...

Dynamic IP at Spoke site in PAN-OS SD-WAN Hub/Spoke topology

HiI am new to PAN-OS SD-WAN and need to clarify Internet service requirement at new spoke site. My client has PAN-OS SD-WAN hub-and-spoke topology, the hub PA firewall has a static public IP for its internet service.All spoke PA firewalls also use static public IPs, but we now will have a new spoke with a dynamic public IP. I am hoping to confir...

Azure Virtual Desktops integration with Global Protect nightmare

Having an enormously hard time implementing Global Protect on Azure. No matter what happens, after installing and executing Global Protect on Azure virtual desktop, VPN tunnel 100% severs RDP communication to the Azure virtual desktop. Had Palo Alto check routing and network and it appears to be sound. Recommendations were: 1) Network =>G...

PAN OS versioning differences

Is there any way to easily show what the difference is between PAN OS versions? For example, what is the difference between 11.1.10-h4 and 11.1.6-h17? What hasn't been fixed between these two versions?

Upcoming Fuel Events