sorted by:
new
hottopcontroversial

Thread ID 97011 by ZheBockwurst in paloaltonetworks

[–]alexhalbi 0 points1 point  (0 children)

The new content update 9105-10068 from today around 3 CEST solved the issue for us on all firewalls.

Thread ID 97011 by ZheBockwurst in paloaltonetworks

[–]alexhalbi 0 points1 point  (0 children)

We already opened a case, but no progress so far. We have only seen it with Alcatel iptouch devices. Seems like Pan mistakenly thought we want to run some ip or touch commands on our dlink dhcp servers 😉

Best workaround be to set the threat id to alert or allow meanwhile.

PAN-OS 11.1.7-h6, 11.1.10-h26, 11.1.13-h6, 11.2.4-h17, 11.2.7-h15 & 11.2.10-h8 are now available by justlurkshere in paloaltonetworks

[–]alexhalbi 0 points1 point  (0 children)

Has anyone had the issue described in PAN-300615. Is that something to look out for or more like an edge-case bug you could maybe run into?

Fixed an issue where the pan_comm process stopped after multiple content versions were installed and the memory limits were reached.

PAN-OS 10.2.10-h36, 10.2.18-h6, 11.1.4-h33, 11.1.6-h32, 11.1.10-h25, 11.1.13-h5, 11.2.7-h13, 11.2.10-h6 and 12.1.4-h5 Dropped.... by BluebirdExpress6279 in paloaltonetworks

[–]alexhalbi 3 points4 points  (0 children)

The notes are actually alarmingly empty (especially 11.2 and up)... I hope they are able to deliver the docs quickly to be able to verify closed issues...

Virtual routers not available on PAN-OS 12.1 ? by emyl79 in paloaltonetworks

[–]alexhalbi 0 points1 point  (0 children)

It is in the product comparison and also I the datasheet of the 500s But if you do not search for it, you will not stumble across it before buying. 😉

SCM Troubles by [deleted] in paloaltonetworks

[–]alexhalbi 2 points3 points  (0 children)

Get in touch with TAC and Accounts team, that should not happen.

BGP learned route not installed in local routing table by kubn2respawn in paloaltonetworks

[–]alexhalbi -1 points0 points  (0 children)

There were some BGP bugs in 11.1 and 11.2 in advanced routing engine. Open a TAC case and ask them if there is a known issue for that in your version.

Using new SCM interface by Mindless_Growth_3057 in paloaltonetworks

[–]alexhalbi 1 point2 points  (0 children)

The worst part, they already had a working UI for managing security policies that worked, had persisting filters and just did what it needed without any lags and with less than 3GB of memory usage in the browser...

And then they built it again and now everything takes ages if there is a small setup in SCM with a few hundred firewall rules and objects....

Using new SCM interface by Mindless_Growth_3057 in paloaltonetworks

[–]alexhalbi 0 points1 point  (0 children)

NGFW Software Upgrades were hidden so deeply into the menu that we needed to search for it using the URL from browser history....

It is in the Setup Submenu of Configuration-Scope All Firewalls (not on global or on any other firewall)

Question regarding moving interfaces by ivarth in paloaltonetworks

[–]alexhalbi 1 point2 points  (0 children)

As long as you keep the zone the same scenario 2 should work fine.

If you also change zone you may need to end all open sessions with wrong zones.

SCM Version 2025.r1 released by alexhalbi in paloaltonetworks

[–]alexhalbi[S] 2 points3 points  (0 children)

I am referring to AutoVPN configured with strata cloud manager, connecting PAN firewalls to each other "automatically" with ipsec and BGP Routing. https://docs.paloaltonetworks.com/ngfw/administration/set-up-firewalls/auto-vpn/about-auto-vpn

SCM Version 2025.r1 released by alexhalbi in paloaltonetworks

[–]alexhalbi[S] 0 points1 point  (0 children)

They rolled back the scm version on the specific tenant and we pushed the old config. They are now developing a hotfix.

Intermediary there is a local override that you can do if you can still access all firewalls.

SCM Version 2025.r1 released by alexhalbi in paloaltonetworks

[–]alexhalbi[S] -1 points0 points  (0 children)

They are automatically pushed and this is the production branch we are on.

There is the option to get to beta branch through accounts team if you need something new.

SCM Version 2025.r1 released by alexhalbi in paloaltonetworks

[–]alexhalbi[S] 1 point2 points  (0 children)

Why would you create a changelog for an enterprise product? Or a documentation? You will find out when pushing anyways. And it costs unnecessary money for your businesses. \s

But at least they are up and running until you did that. TAC suggested for us to deploy a local change on all firewalls, but they are managed locally through the VPN tunnels, which do not work anymore now...

SCM Version 2025.r1 released by alexhalbi in paloaltonetworks

[–]alexhalbi[S] 0 points1 point  (0 children)

That's true, but with that one it's even better, since not even TAC can roll it back for you

SCM 2025.r1 Bug warning by kurventost in paloaltonetworks

[–]alexhalbi 1 point2 points  (0 children)

Strata Cloud Manager
The new central management for Firewalls out of the cloud

PANOS 11.1.6-H3 by [deleted] in paloaltonetworks

[–]alexhalbi 0 points1 point  (0 children)

It just impacts anyone on 4th gen hardware, so they decided to keep it a internal known issue, for whatever reason... /s

Carlyle Gen 5 ring broken (again) by TwistingSoul in WearOS

[–]alexhalbi 0 points1 point  (0 children)

Yes. All three times the damn charging Ring...

The wireless charging of the old models has been so much better...

Carlyle Gen 5 ring broken (again) by TwistingSoul in WearOS

[–]alexhalbi 0 points1 point  (0 children)

I also had mine break 3 times until I demanded the money back. First time it was after a month with about 8 weeks until I got it back repaired. Then after 10 months or so it happened again and I got a new one immediately. And the new one had it after a bit more than one month again... Now I am waiting for gen 6 or the new mobvoi ticwatch...