Your Questions Get Answers

Cyber Elite

Each year, after Ignite, we have a whole bunch of great questions, a handful of strange ones and usually a few unanswered ones. We feel that we owe it to the community to get as close as we can to a 100 percent reply rate, so here are a few unanswered ones and my attempt at answering them to the best of my ability.


 

1. Is there going to be API support to connect to LIVE so that my team can directly respond?

(answer) Not at this time but we love the enthusiasm! If you feel like this is something we should put on our radar, please reach out to us and we'll work on a feature request to see what we can do to make such a thing happen.

 

2. What is the supported 9.0 code for HA support in Azure?

(answer) That would be 9.0.0: Support for high-availability on VM-Series Azure

 

3. What is the best IAM Integration for User-ID?

(answer) The 'best' Identity & Access Management framework is the one you are most comfortable working with. There are several ways to integrate with any IAM and some may come with challenges. You'll be much quicker at tackling those challenges when you're acquainted with the IAM than with one I suggested that you have never worked with. If you have no experience, I recommend getting in touch with a technology partner that can assist, or talking to peers (hint: the discussion forum is a great place to do that).

 

4. Where do I find platform updates? How will I know about new ones?

(answer) This depends on what your concept of platform is exactly. Generally, of course, I would recommend subscribing to the LIVECommunity blog posts to stay tuned on all the new stuff happening: https://live.paloaltonetworks.com/t5/Blogs/bg-p/CommunityBlog.

Also, the Support portal subscriptions keep you posted on content and software updates and security advisories: https://support.paloaltonetworks.com/SupportAccount/Preferences.

There's also Unit42 and more: https://start.paloaltonetworks.com/preference-center.

 

5. How does Palo Alto (Networks) work with OpenShift and Azure hosting?

(answer) OpenShift is a container application platform built on top of Docker containers and the Kubernetes container cluster manager (whew, that's a mouthful). I'm not very well versed in this regard, but I'd say: stay tuned for Twistlock.

 

6. Why aren't VLAN tags a template variable?

(answer) There's a feature request for that. Reach out to your local sales team to add your vote: FR ID: 11021.

 

7. Threat profile debug in less than 12 hours? Maybe! 72 hours now?

(answer) I'm honestly not sure what the question is in regards to. If you posted this question, or know who did, please feel free to reach out, so we can see about resolving your issue or clarifying some things.

 

8. What are the compatible asset databases supported by your product?

(answer) If this is a question regarding the Unity API editor, AssetDatabases are not supported.

You can browse through the available XML API commands via https://<YourFirewall-IP>/api or read the REST API documentation via https://<YourFirewall-IP>/restapi-doc/#.

 

You can check the previous batch of unanswered questions here: Many Questions Were Answered at Ignite 2019...

6 Comments
L1 Bithead

We have several IPSec tunnels that connect to 4G devices to provide network access in the event of a primary circuit outage. These tunnels do not disconnect after the primary circuit comes back up. Is there a way on the PAN side to disconnect an IPSec tunnel if there has been no traffic on it in a given amount of time?

L7 Applicator

@snimshad 

We have Tunnel Monitoring when it comes to IPSEC tunnels. They can monitor tunnels to wait-recover or fail over.

Here are some articles and info on that:

 

DEAD PEER DETECTION AND TUNNEL MONITORING
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFaCAK

 

Setting up tunnel monitoring

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/vpns/set-up-site-to-site-vpn/set-up-tunnel...

 

I hope this can help.

L0 Member


Hi,

 

PA820- software version 9.1.3h1

GP client  5.1.3.-12

 

We are establishing RDP sessions through Globalprotect. These RDP sessions are closed, GP VPN also Closed.

We changed this value for "User Switch Tunnel Rename Timeout" to the maximum permitted (600 seconds),

but it's not enough. We would like to have unlimited time for RDP. How can we configure this?

 

small and high way VPN RDP sessions not closed.

 

Pfsense /cisco /softether 

 

Please advise.

L0 Member

 

we are using SSL tunnel 

Cyber Elite

@NGALTHAF so both rdp and the GP tunnel get disconnected?

 

 

You'll want to change the idle and lifetime timers to 7 days (can't have infinite)  on the ms-rdp application in objects > applications,

and change the connection timers (lifetime + disconnect on idle) in the GlobalProtect gateway in network > GlobalProtect > gateway > <gateway> > agent > connection settings

 

 

L0 Member

ms-rdp application in objects > applications,

Which value needs to change?
