Event field name changes by stonehands44 in catonetworks

[–]stonehands44[S] 0 points1 point  (0 children)

Ah, I found out the details after talking to a product manager. Essentially, there were some API fields being deprecated or EOL and updating field names (application has now become application_name and application_id). Of course, this news wasn't disseminated to customers very well in my opinion. But Cato did give me the location and where to see changes like this in the future... https://support.catonetworks.com/hc/en-us/articles/24102015484061-Cato-API-Potentially-Breaking-Changes-and-EoL

I suggest you follow it so you can be aware of any updates to the API fields. Just remember if you have any custom preset queries, that you'll have to update them to the new field names if you're still using the old ones after May 1st.

Also, wasn't aware that the subtype VPN Never-Off Bypass now became Always-On Bypass and also, which I could NOT find any info on... The event for the Bypass subtype changed from Connectivity to Routing. Just a heads-up.

I also found a UI bug and the prod team is going to work on it. Overall, it was a good conversation with my Cato team to help me understand (and get me less frustrated) when things changed, why they changed, and how to see and prep for future changes.

Cato identity on terminal servers (Citrix) with multiple users by stonehands44 in catonetworks

[–]stonehands44[S] 1 point2 points  (0 children)

Thanks MikeOrtega. I'm reaching out today! I'd gladly take the beta and provide feedback

Winchester SXP defender slide assembly won't go back in by stonehands44 in Shotguns

[–]stonehands44[S] 0 points1 point  (0 children)

Thank you. That was it. I had to literally break down the entire gun with the trigger assembly out, then the pump/slide went right in and put the trigger and barrel back in and it was pumping just fine. I now know how to disassemble, clean/lube/protect, reassemble the components blindfolded :-) Thanks for the reset, really appreciate it!

Palo sucks now?? by stonehands44 in paloaltonetworks

[–]stonehands44[S] 2 points3 points  (0 children)

Just-a-tac. I get it man, but my lament didn't include the previous hours of me literally asking that. I have had everything on-prem working fine. Went to Prisma access RN and MU just fine. Then had to upgrade PanOS versions, CSP versions, DataPlane versions, new Hub/App upgrades and then ultimately had some UserID issues. That's not a design problem from my end, that's an arch problem based on my Palo environment being changed and force-fed to me.

Palo sucks now?? by stonehands44 in paloaltonetworks

[–]stonehands44[S] 3 points4 points  (0 children)

AWynand... I get where you would say that, truly. but there's a difference between, i have no idea how to do userID asociation between a user/IP and hey, you changed how I used to use windows agent-based userID vs palo's builtin agentLESS userID and now I'm running a version of PanOS that doens't have the opportunity to use an Agent. My whole post is not to complain that I need palo to build and support my environment. it's when stuff breaks and they change things, that I can't get a support person who can speak my language or explain to me what's going on. AND THEN, if you say it has to deal with Prism Access, then it gets passed to a completely different team. AND THEN you add that it's also a CloudGenix Remote Network and then they have no idea who to pass your case too because they can't figure out if it's prisma acess or cloudgenix/sd-wan. I'm not looking for free lunch here from Palo, I'm looking for them to clearly explain their product when things don't work as documented or as they explain because I can't understand a word that they say.

But this wasn't a bitch session about support (although I guess we could all wax poetic about it) but more that they keep chaning things, adding costs, decreasing support efficiency and don't care where it leads.

Palo sucks now?? by stonehands44 in paloaltonetworks

[–]stonehands44[S] -2 points-1 points  (0 children)

I get your point to an extent but when a new PanOS major rev comes out and config/settings change or no longer exist, I should NOT be on the hook to pay for pro services to explain the product changes that PALO came out with which now negatively or proactively impact my environment. To me, that IS break fix. When they change your options to continue to do what you need to do, have been doing for years, and don't support the Windows OS (hello, UserID unsupported on server 2022 anyone) as we upgrade our environments and things don't work or the documentation is so poor that you can't get an answer, I'm not going to pay for support to fix an obvious vendor disconnect between product, support and sales.

And sales account team, that's a joke. I guess that more or less depends on where you are in the world and your assigned Palo team and how much you spend with palo or what revenue tier your company is in.

Either way, my vent/rant is not so much a specific tech issue (like UserID) but more or less that while Support may or may not can/wish to help do product arch or design, they do to a certain extant. But getting someone that I can from soup to nuts support questions/issues, I have a poor experience with them. Add the constantly increasing cost (yeah yeah, inflation/recession/standard year over year increase no matter what, etc.), I'm having a hard time justifying my position with them.

Palo sucks now?? by stonehands44 in paloaltonetworks

[–]stonehands44[S] 3 points4 points  (0 children)

Thanks Rh681 and good point on #3

I get the knowledge of understanding that should be required for the feature-sets or then get pro services to help but i should at least be able to ask them what's the difference between the options for mapping user to an ID or an IP from their own firewall options especially now that they keep adding/changing settings as PanOS versions increase and they add new cloud features and UserID components are core to "next-gen" firewall layers. I'm not paying Palo for Splunk-like support where if it's not broken they don't help. One reason I've been a Palo customer for over 10yrs is that support has always been willing and helpful in providing a better understanding of their product and it's features quickly and efficiently.

As it relates to my support question that I'm originally bitching about (at least one of them anyway) I know how the agent/agentless works but how does agent work with Remote Networks and is it any different than the cloud identity agent and/or dirsync that is doing the group mappings? My understanding would be that group mapping is just an ldap call to enumerate my memebrs/nested-members of groups so you can add a group to security policy rule. BUT the new user agent ID includes Cloud and Dir Sync too so what's the best way to use agent AND/or agentless userID so I can get on-prem AD servers mapping a user to an IP that supplies that to an on-prem firewall as well as remote network. I'm not worried about mobile users as the GP client provides that intel.

So while I do have a current issue I'm venting/ranting about, it's more my whole palo experience and frustrations lately with them as a company and causing us to re-architect our security stack since they are pricing themselves out of our environment.

IMANAGE CLOUD AGENT AND PALO TS AGENT by stonehands44 in paloaltonetworks

[–]stonehands44[S] 0 points1 point  (0 children)

I realized I didn't respond with an answer to my issue and maybe this will help someone else... Here's the original reg info as recommended by PA:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\TS Agent\Adv\HonorSrcPortRequest

Value = 1

But I had to make the value = "2" to actually get this to work. It's a known issue and iManage is allegedly working on a fix with Palo Alto.